blog.mozilla.org uses invalid SSL certificate

RESOLVED WORKSFORME

Status

RESOLVED WORKSFORME
6 years ago
5 years ago

People

(Reporter: mcsmurf, Unassigned)

Tracking

Details

(URL)

Attachments

(1 attachment)

(Reporter)

Description

6 years ago
When I go to blog.mozilla.org or blog.mozilla.com, I get an invalid SSL cert warning as that website redirects me to https://blog.mozilla.org. https://blog.mozilla.org uses a SSL cert that was created for blog.mozilla.com though:
"blog.mozilla.org uses an invalid security certificate.
The certificate is only valid for blog.mozilla.com
(Error code: ssl_error_bad_cert_domain)"
(Reporter)

Comment 1

6 years ago
Actually I think this bug belongs in this component as Bug 782228 was also filed there. Bug 782228 was resolved as WFM though a few weeks ago, not sure why.
Assignee: nobody → server-ops-webops
Component: blog.mozilla.org → Server Operations: Web Operations
Product: Websites → mozilla.org
QA Contact: cshields
Version: unspecified → other
(Reporter)

Comment 2

6 years ago
Created attachment 663651 [details]
openssl output

This is the output from the "openssl s_client -showcerts -connect blog.mozilla.org:443" command (via Cygwin command line on Windows).

Comment 3

6 years ago
Does it work if you enable this:

Options > Advanced > Encryption > Use TLS 1.0
:mcsmurf - our load balancer uses hostname matching, which requires support of the TLS 1.0 'server name indication'. without TLS 1.0 enabled, this would explain why your browser is receiving the blog.mozilla.com certificate (similar to your openssl s_client attempt.

mjh563@yahoo.co.uk comment looks to be on the right track here.
(Reporter)

Comment 5

6 years ago
Indeed, seems to work now. I did not enable TLS though (it was already enabled), I just restarted my browser. Strange, resolving as wfm. BTW: Even with TLS 1.0 enabled, the cert check fails in Internet Explorer 8. But maybe IE 8 did not implement the standard correctly.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → WORKSFORME
(Reporter)

Comment 6

6 years ago
To respond to myself: IE 8 under WinXP does not support server name indication, Windows Vista or higher is required for that.
Component: Server Operations: Web Operations → WebOps: Other
Product: mozilla.org → Infrastructure & Operations
You need to log in before you can comment on or make changes to this bug.