X
Tippen Sie hierhin, um die Version dieser Website für Mobilgeräte aufzurufen.
Scheduled maintenance: Thursday, April 2, between 3pm and 5pm UTC. This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn’t solve your issue and you want to ask a question, we have our support community waiting to help you at @firefox on Twitter

Hilfeforum

Error code: SSL_ERROR_BAD_CERT_DOMAIN - certificate is not valid for the following names

Veröffentlicht

Hi,

i have a problem with certificates for local domains. An app for compiling Sass files (CodeKit) provides a local server on the Mac. The app creates a root certificate (authority certificate) which I have imported into Firefox (Prefs -> Privacy & Security -> View Certificates -> Authorities -> Import).

When I now call the URL generated by the app in Firefox (https://marios-imac.local:5757/) I get the error message "SSL_ERROR_BAD_CERT_DOMAIN" and "The certificate is only valid for the following names:" But this list shows the correct URL! I have attached two screenshots.

Calling the TLS URL in Safari, Chrome and Opera works without any error message!

Is this a bug or am I doing something wrong? I have already deleted Firefox completely and created a new user account (for Firefox and in Mac OS X), but nothing has helped.

Mario

Hi, i have a problem with certificates for local domains. An app for compiling Sass files (CodeKit) provides a local server on the Mac. The app creates a root certificate (authority certificate) which I have imported into Firefox (Prefs -> Privacy & Security -> View Certificates -> Authorities -> Import). When I now call the URL generated by the app in Firefox (https://marios-imac.local:5757/) I get the error message "SSL_ERROR_BAD_CERT_DOMAIN" and "The certificate is only valid for the following names:" But this list shows the correct URL! I have attached two screenshots. Calling the TLS URL in Safari, Chrome and Opera works without any error message! Is this a bug or am I doing something wrong? I have already deleted Firefox completely and created a new user account (for Firefox and in Mac OS X), but nothing has helped. Mario
Angefügte Screenshots

Mehr Details zum System

Anwendung

  • User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/604.5.6 (KHTML, like Gecko) Version/11.0.3 Safari/604.5.6

Weitere Informationen

FredMcD
  • Top 10 Contributor
4396 Lösungen 61648 Antworten
Veröffentlicht

There is security software like Avast, Kaspersky, BitDefender and ESET that intercept secure connections and send their own certificate.

https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can

https://support.mozilla.org/en-US/kb/firefox-and-other-browsers-cant-load-websites

https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message

https://support.mozilla.org/en-US/kb/connection-untrusted-error-message

http://kb.mozillazine.org/Error_loading_websites


  • uses an invalid security certificate SSL_ERROR_BAD_CERT_DOMAIN
  • configured their website improperly

How to troubleshoot the error code "SEC_ERROR_UNKNOWN_ISSUER" on secure websites https://support.mozilla.org/en-US/kb/troubleshoot-SEC_ERROR_UNKNOWN_ISSUER

There is security software like Avast, Kaspersky, BitDefender and ESET that intercept secure connections and send their own certificate. https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can https://support.mozilla.org/en-US/kb/firefox-and-other-browsers-cant-load-websites https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message https://support.mozilla.org/en-US/kb/connection-untrusted-error-message http://kb.mozillazine.org/Error_loading_websites *uses an invalid security certificate SSL_ERROR_BAD_CERT_DOMAIN *configured their website improperly How to troubleshoot the error code "SEC_ERROR_UNKNOWN_ISSUER" on secure websites https://support.mozilla.org/en-US/kb/troubleshoot-SEC_ERROR_UNKNOWN_ISSUER

Fragesteller

Thanks for your reply!

I don't use any security software on my Mac.

And the error message is "SSL_ERROR_BAD_CERT_DOMAIN" and not "SEC_ERROR_UNKNOWN_ISSUER".

The second message says that the certificate is not valid for the URL, but the called URL is included in the list of valid URLs!

Thanks for your reply! I don't use any security software on my Mac. And the error message is "SSL_ERROR_BAD_CERT_DOMAIN" and not "SEC_ERROR_UNKNOWN_ISSUER". The second message says that the certificate is not valid for the URL, but the called URL is included in the list of valid URLs!
FredMcD
  • Top 10 Contributor
4396 Lösungen 61648 Antworten
Veröffentlicht

If you can post the whole error message, someone else may be able to explain the problem.

If you can post the whole error message, someone else may be able to explain the problem.
jscher2000
  • Top 10 Contributor
8957 Lösungen 73389 Antworten
Veröffentlicht

In your original screenshot, the list contains an asterisk followed by a question mark in a box and a close parenthesis. Perhaps the SAN list in the certificate is corrupted and Firefox, while displaying the list, is refusing to use any of it?

In your original screenshot, the list contains an asterisk followed by a question mark in a box and a close parenthesis. Perhaps the SAN list in the certificate is corrupted and Firefox, while displaying the list, is refusing to use any of it?

Fragesteller

FredMcD said

If you can post the whole error message, someone else may be able to explain the problem.

This was the whole message. The only part that was missing was the certificate chain.

''FredMcD [[#answer-1078453|said]]'' <blockquote> If you can post the whole error message, someone else may be able to explain the problem. </blockquote> This was the whole message. The only part that was missing was the certificate chain.

Fragesteller

jscher2000 said

In your original screenshot, the list contains an asterisk followed by a question mark in a box and a close parenthesis. Perhaps the SAN list in the certificate is corrupted and Firefox, while displaying the list, is refusing to use any of it?

I've noticed that too. And every time I restart Firefox and call the URL this entry changes. (see screenshots attached) I have no idea what this entry means and where it comes from.

''jscher2000 [[#answer-1078456|said]]'' <blockquote> In your original screenshot, the list contains an asterisk followed by a question mark in a box and a close parenthesis. Perhaps the SAN list in the certificate is corrupted and Firefox, while displaying the list, is refusing to use any of it? </blockquote> I've noticed that too. And every time I restart Firefox and call the URL this entry changes. (see screenshots attached) I have no idea what this entry means and where it comes from.

Fragesteller

It must have something to do with the DNS resolving! I just noticed that if I use the IP as URL (https://192.168.178.20:5757) it works without any error message!

I really don't know where else to look.

It must have something to do with the DNS resolving! I just noticed that if I use the IP as URL (https://192.168.178.20:5757) it works without any error message! I really don't know where else to look.
jscher2000
  • Top 10 Contributor
8957 Lösungen 73389 Antworten
Veröffentlicht

Is the IP address the main subject of the certificate, or is it only listed on the SAN list? If it's only on the SAN list, my "corrupted list" theory would be disproven and we'd need to consider whether perhaps .local domains are treated specially for some reason.

Is the IP address the main subject of the certificate, or is it only listed on the SAN list? If it's only on the SAN list, my "corrupted list" theory would be disproven and we'd need to consider whether perhaps .local domains are treated specially for some reason.

Fragesteller

It's only listet in the SAN List:

Not Critical DNS Name: *.local IP Address: fe80::4922:2219:b527:7193 DNS Name: localhost DNS Name: Marios-iMac.fritz.box IP Address: 192.168.178.20 IP Address: ::1 IP Address: 2a02:8109:1540:4a54:8f2:a266:bdb0:2ea8 DNS Name: marios-imac.local IP Address: fe80::1 IP Address: fe80::1caf:3c:ba80:b29 IP Address: fe80::6c80:878b:167e:4f55 IP Address: fe80::b4f5:ffff:fe6f:b855 DNS Name: marios-imac.fritz.box IP Address: 2a02:8109:1540:4a54:f5ed:3059:18c0:d5f0 IP Address: 127.0.0.1

It's only listet in the SAN List: Not Critical DNS Name: *.local IP Address: fe80::4922:2219:b527:7193 DNS Name: localhost DNS Name: Marios-iMac.fritz.box IP Address: 192.168.178.20 IP Address: ::1 IP Address: 2a02:8109:1540:4a54:8f2:a266:bdb0:2ea8 DNS Name: marios-imac.local IP Address: fe80::1 IP Address: fe80::1caf:3c:ba80:b29 IP Address: fe80::6c80:878b:167e:4f55 IP Address: fe80::b4f5:ffff:fe6f:b855 DNS Name: marios-imac.fritz.box IP Address: 2a02:8109:1540:4a54:f5ed:3059:18c0:d5f0 IP Address: 127.0.0.1