Αναζήτηση υποστήριξης

Αποφύγετε τις απάτες υποστήριξης. Δεν θα σας ζητήσουμε ποτέ να καλέσετε ή να στείλετε μήνυμα σε κάποιον αριθμό τηλεφώνου, ή να μοιραστείτε προσωπικές πληροφορίες. Παρακαλούμε αναφέρετε τυχόν ύποπτη δραστηριότητα μέσω της επιλογής “Αναφορά κατάχρησης”.

Learn More

SSL nameConstraints and SEC_ERROR_BAD_DER

  • 6 απαντήσεις
  • 1 έχει αυτό το πρόβλημα
  • 6 προβολές
  • Τελευταία απάντηση από jscher2000

more options

Hello,

bellow ca and cert leads to the SEC_ERROR_BAD_DER error in Firefox. In Chrome it works ok. What is wrong?

ca:


BEGIN CERTIFICATE-----

MIIGWDCCBECgAwIBAgIUENZtuCf3Tob4s6huBzfC8ZAJkLEwDQYJKoZIhvcNAQEL BQAwUjELMAkGA1UEBhMCUEwxDzANBgNVBAcMBldhcnNhdzEYMBYGA1UECgwPKi5s b2NhbCBkb21haW5zMRgwFgYDVQQDDA8qLmxvY2FsIGRvbWFpbnMwIBcNMjAwOTE1 MTEwODI5WhgPMjEyMDA4MjIxMTA4MjlaMFIxCzAJBgNVBAYTAlBMMQ8wDQYDVQQH DAZXYXJzYXcxGDAWBgNVBAoMDyoubG9jYWwgZG9tYWluczEYMBYGA1UEAwwPKi5s b2NhbCBkb21haW5zMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyM+E 2qiGxytcwOgedhO5O7jQ1j1eYWic1nPbTJPvusCN48mEmwr8SrrfLtRnbKpql/R1 NxQpHLLnY2Yl+6wyfOa/bSickFr1i6MUhIo8E2QgzcxKz8ZhnURen/UHBDhVozIu zmnlEO8xlTJ7Oo8XYRKyA0AcZFKchOcJ5n0dLukWRma/fydZwkWFPqSON4Gph6l7 iINxzLhBwV9QzJqiJ2SoBK5TrpDuTrQ/S5s0lwtzF5bNAz7Unerdj18A00OcINso 7rov9USeKIxHNt2iNZB5QiUkwGqEOuv0D+COv0tBD/fghRYGCLD3kjz2ZlR3r+Ge 6JF/+veM68bUztLE80cjJQG0yTCG5FrkMg05bIZ45OZjIvAMDL/1UJXiANiJFYIv V9ePuXWfKJs//vU31fG44K27dB/IrFwepYVAbTSrPZnGCx9QlXiUpeW0TTBV6IKB AYzSl3t4FYpGFb52mWNlI639hI9GJ8LYnts4dO2U7jxRyQEnTjsF0NJolTyopVEl f2z3FRo3s7K5M8Qshm9mPkJp6wfo39EAQV3tNQnixvZl3lJGSsuK+y8OaAv1Dwvt iH1FWzxnDDKzqR1ZVjyIQlbUMiAzjIC1crGKUlm7Da7gF5x1BdWgyKB5i2+S3VyA r0x1Syi0VbNrW1JQfJRs98VDI96tZ/N8+r4lzeMCAwEAAaOCASIwggEeMB0GA1Ud DgQWBBQjEzbpKy4CdyO+MQ+9ncqhuBPmEjCBjwYDVR0jBIGHMIGEgBQjEzbpKy4C dyO+MQ+9ncqhuBPmEqFWpFQwUjELMAkGA1UEBhMCUEwxDzANBgNVBAcMBldhcnNh dzEYMBYGA1UECgwPKi5sb2NhbCBkb21haW5zMRgwFgYDVQQDDA8qLmxvY2FsIGRv bWFpbnOCFBDWbbgn906G+LOobgc3wvGQCZCxMAwGA1UdEwQFMAMBAf8wCwYDVR0P BAQDAgEGMFAGA1UdHgRJMEegEzAHggVsb2NhbDAIggYubG9jYWyhMDAKhwgAAAAA AAAAADAihyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADANBgkqhkiG 9w0BAQsFAAOCAgEAqBaI/6wL7AiaNO0A3/fW6Vs2Pv26GZ5MHCJ7utatgUWMeko6 VeA7ox1mI06Gtio/uZeAkcHWH3Mv8OTel09jPok524GhUCXZPWmy6Fw6UTqjCMZE BJE3DK4alXDyAd/huHu35HeG+yc4JcSjrMeWmXPp70YsfrfAHMFyu/xpsvasYFKR OLPNHvoOXSv2dE94RtrvTYchMb1Hny0T1UEq/9zKhfEyY+gL/49d5lnNc8gFflsN oxwQrJR5+Za2UhCk5eXtjihsHEEx5ATcWYKPWZjpJ1rzfBqy7GKdu6ooB/yItabq Mu9WGSgRDU//TvGgfppU0SdSGjdAfwPaxQMlNXzhdADzCshn+vrn3Dbjm0i1VVL3 ud/0I70SVNqQyBcH6qfieSL6Wzusz8HNKtTo7cTiIfQ9syUwLK+HZSOOaNkBsMvh c5BFUo6KReiea3+WSN912ZrVhXutA5TMhRNCnk2CWHnfJcKn69s1YErN36/OBHyP +Tyddb5wue/z5BF3yDEVJGbN+NLApIFC9GdqoRMmU6TRyIsGjIuWVqHrnZxLLYhs dB7bz3Di356w9E2ICKEy6g9OQHKHuL4MAzy9k3/ATQ6L/6DJsU60xDYNueLSBXaA gQ367qh5CSOq2Gh18Lyo1dNKRqhekhj+PQIIZrx7k9UhJGa4EEmFLNnOZ60=


END CERTIFICATE-----

cert:


BEGIN CERTIFICATE-----

MIIEOTCCAiGgAwIBAgIUFh/RK2IbfX8WuyuicSyTbnys14owDQYJKoZIhvcNAQEL BQAwUjELMAkGA1UEBhMCUEwxDzANBgNVBAcMBldhcnNhdzEYMBYGA1UECgwPKi5s b2NhbCBkb21haW5zMRgwFgYDVQQDDA8qLmxvY2FsIGRvbWFpbnMwIBcNMjAwOTE1 MTEyMDEyWhgPMjEyMDA4MjIxMTIwMTJaMB8xCzAJBgNVBAYTAlBMMRAwDgYDVQQD DAcqLmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuERKh7lH TqrCC395M7gSoNAoXrM2TQ7xmBShuoeypCQaPHnufD40+3CxVWOUznC4k+OchDni TUcRJq6Zck3uRC5cC7H7vP6ULiwk5lTWZwKwmW8BTt/Qu+FnXBG+PLUF24s0Cqv4 wUOubU+/DamdwoufmYGjNxreddcJu8oCMuwJKGv3WTGmCsYHWmebrKE/ayw/MlWi 5oB8XrxpeZlD+po4H0rv1s2f1m4nXbEGjq3Wxdwh2dbwEQEMUjGNc+lRGS3evBo8 SF6+Ot8Wzfa/NYGlUcA3jYVHl9gMG398pGikrmTecXh5w0VOKJ4qSMhgzMqIH5WR DfT6VSG6AwZDqQIDAQABozgwNjALBgNVHQ8EBAMCBeAwEwYDVR0lBAwwCgYIKwYB BQUHAwEwEgYDVR0RBAswCYIHKi5sb2NhbDANBgkqhkiG9w0BAQsFAAOCAgEAtClj BoRiitzzzr0H7hZGI4RWa17L9ou1cmwBC10fdrgOPON9Kwsh632t82/EGfHmRR3D KCVke12Qd7jTchGna03JU+0zuc+5WN5LuBc/1R0iYWVwHmYWQtkLuBaWEvOvsH4N 8Og37Gn0nI8UBCZd8V9MgIIhsAJ0pk8vNi0bv5TnZk5n+IZtpWTQZVZj3F/8tAN3 ZNwkec8RjLCKsXygwadKNxkuxMrecqIKrOsE+mxpHuxciEoQHIrlYmwS7fdUYdtk vzS7UrKopNj1uAMAd31XDeEs1aXsJDnF3mk3sdKyx7/Alv01GA9FCCQJpa+naOtP e6rxcoDk1ffGDUIKr1QJgVrKUco4jrwmYLMOSjEOwzDH1zcmMeOs97OP2qKZE9BI i3nPQno907odphdRz0NA3mGy70mz6pTnsYOPW/9QFL25A8dsD10OPSrGjmKkSyv0 rRnJCx5uYXuz5Yw2fO097n1z7jEGu9Ve27pvifG2pgT4PA1a3lWFDDlABo+cyDVB +OSvIWvr0YZpfQYam069AF2vtyqdw8FWHTlV9zH/6r3gXk9VrLBrzNWMCnUJwK7h Y8mnUwc9nVtWqwNxIS9oda4R7DImhEmNK3xz2lEpHIWVisd8p+TuTVHL2D22WzPX 76MD6hy8iNxOTr00+c+NcDzrqjH4FftkvEEg35g=


END CERTIFICATE-----

Όλες οι απαντήσεις (6)

more options

SEC_ERROR_BAD_DER hi, this error code means "A certificate is not properly encoded according to ASN.1 (DER) encoding" according to https://wiki.mozilla.org/SecurityEngineering/x509Certs#Error_Codes_in_Firefox

Χρήσιμο;

more options

I called for more help.


Certificate 1 Check Result Expiry PASSED - Expires Aug 22 2120 (36499 days) Debian RSA Weak Key PASSED - Does not use a key on our blacklist - this is good Key Size PASSED (4096 bits) MD5 PASSED - Not using the MD5 algorithm SHA1 PASSED - Not using the SHA1 algorithm

Certificate 2 Certificate Checks Check Result Expiry PASSED - Expires Aug 22 2120 (36499 days) Debian RSA Weak Key PASSED - Does not use a key on our blacklist - this is good Key Size PASSED (2048 bits) MD5 PASSED - Not using the MD5 algorithm SHA1 PASSED - Not using the SHA1 algorithm

Χρήσιμο;

more options

So the second certificate appears to be for

*.local

I'm not seeing the Authority Key ID in that certificate. It should match the Subject Key ID of the signing certificate. If you use

right-click > View Page Info > Security > View Certificate

on a page in Firefox, you should see those fields for certificates that pass validation. When using an online decoder, it will appear in the Extensions section. For example:

https://ssltools.godaddy.com/views/certDecoder

Χρήσιμο;

more options

I have added the Authority Key ID to the cert, but still the same error:

new ca:


BEGIN CERTIFICATE-----

MIIGWDCCBECgAwIBAgIUE7H1DpI/9vsGARH4F+xEeFwR3kwwDQYJKoZIhvcNAQEL BQAwUjELMAkGA1UEBhMCUEwxDzANBgNVBAcMBldhcnNhdzEYMBYGA1UECgwPKi5s b2NhbCBkb21haW5zMRgwFgYDVQQDDA8qLmxvY2FsIGRvbWFpbnMwIBcNMjAwOTE2 MDgwNTE1WhgPMjEyMDA4MjMwODA1MTVaMFIxCzAJBgNVBAYTAlBMMQ8wDQYDVQQH DAZXYXJzYXcxGDAWBgNVBAoMDyoubG9jYWwgZG9tYWluczEYMBYGA1UEAwwPKi5s b2NhbCBkb21haW5zMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5g14 rKZ6ppAZfHQzx66IDjbt5Klu2uKuWK9JmQbZu+QkZZGYMflCIQfbd9yGP4H/s44w BL8Jr7P0pPSN15V7+75HU6sPaV8xENJzQQJdi8ZGJu1aUg9Sj2F7BQxNFNWUl4+7 1ZgII41gU6NprtbUpfO6thqANHl1qNxCdKBmJFMvoNwIGRL+wYerGfyAMeMIP9y3 k1dNx/MSEzM68SRDZrHTQedIZuNiP/zWtP88H/qZW9sKcsrgPRyLewCaVMiUnh26 cC4lYTkzoj6W/sW6YxYYIiK3H8TChYWfWuW4TAy/Y4zOCMmYkFTYATIlXc0GYP7V zPHmskwW0SGaIZmp6jHt8EN2pxqKF+uwGK1OByq8Te6TMa4gtwVo6QTe1E7NeY/l zQOB+iqTer1iND0gvQXxHccaaAMdH1po8xXT8nBBqfpXV2lyAIhafwhxQcXiCApx fdxSd/+gC8fskMw+1Q9O2NdfSgvpsnFIHBv5myqmhYnCG3pbYKr3kbA2NTg8E/ub b0FzEGWzhPT3By0jJJJ+Uh5hGrCi6IapCvmeqijfmkwg/OlDaua1oK7totwndZ17 Cp2y7XfxStTQx3rR/iVqkX+0j9oZRsHi+fF+5Q9h1sOUq2ULBPDse9iUU5YmyjK5 C8AdpzYPP4mXFn8ODbfaRyYVhTex06nymfNRb/UCAwEAAaOCASIwggEeMB0GA1Ud DgQWBBRdvo/N0BsWiTlMIxWnuYnjHBscLjCBjwYDVR0jBIGHMIGEgBRdvo/N0BsW iTlMIxWnuYnjHBscLqFWpFQwUjELMAkGA1UEBhMCUEwxDzANBgNVBAcMBldhcnNh dzEYMBYGA1UECgwPKi5sb2NhbCBkb21haW5zMRgwFgYDVQQDDA8qLmxvY2FsIGRv bWFpbnOCFBOx9Q6SP/b7BgER+BfsRHhcEd5MMAwGA1UdEwQFMAMBAf8wCwYDVR0P BAQDAgEGMFAGA1UdHgRJMEegEzAHggVsb2NhbDAIggYubG9jYWyhMDAKhwgAAAAA AAAAADAihyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADANBgkqhkiG 9w0BAQsFAAOCAgEAUZx9yFhWY9aI42JUU2jBJok5L53DV76xtHWkYN/IC4gdngdS bUnj+8v5VHX4IUrR/7BG3tCq9Fzhojhf6ubg4PK0OW9P7TFU8irVlr3S6RB7DWVg Iffr53eeBqcoHyRXlXSegLLqRzUIYSJBgmA6WIk4+LQTy6dpmGN9kBqU0O92gT2i PBgk42B16384FroRUyRi8VhN8k0PLLOrTxpBWDK217x9DAolv36GopyyhcE8o5Co 3te9B6WZz0hRWYTLehSsA/qqRHBjMHViKmkqb1oJF4YhiaeSXcteMC3fYGfyumZy u7CV8nlL3K1UcX92mFZtEz9SDOAL5tWBkqZpxbznwkBGe3EfUah82WANSUR1qlxX Ti0RbeniCmq3vt8/2vO5FWkTlt4EPN9PWRGYd5R8e+OjU3AVspJJLbekUBZo2A23 0esERbOiszQ1CuTx0KWNBkx5h9dfnrGSyYNwtral5O2qCQROxprLDEjU8DkKfidu 67cLAHWXGBg5VqDyVgLF/fFjhv1XvIaLoEKDKlhrmr7TP3WLy6M9rDbwAd2vR43Z fXsUXYYGfMBqLsd4QSlYPgHgUpfxAkcbHeL/SMJw4IrOs/yxp5C4k+4M2GKIiTGx Y+Tn7umXcOH+gzV7mZ2BpLBKBttvoRoWNe+PAYp4sMHx1XK7282EIEvXf2E=


END CERTIFICATE-----

new cert:


BEGIN CERTIFICATE-----

MIIE7DCCAtSgAwIBAgIUTXFL6O/5sW4KbTFO7EE8s/uXz7EwDQYJKoZIhvcNAQEL BQAwUjELMAkGA1UEBhMCUEwxDzANBgNVBAcMBldhcnNhdzEYMBYGA1UECgwPKi5s b2NhbCBkb21haW5zMRgwFgYDVQQDDA8qLmxvY2FsIGRvbWFpbnMwIBcNMjAwOTE2 MDg1MjExWhgPMjEyMDA4MjMwODUyMTFaMB8xCzAJBgNVBAYTAlBMMRAwDgYDVQQD DAcqLmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Pve6vrU 5sGig2IKrTHgJ8/gqzkGyPJ1GcOGqCAPb7vWwgKBs9Qdh+djwceXj2FpB6H3SLgX ZMbwkgTF0kgTBTGZVHt3YwbhWVB3jX3az3HsJ6bVAspN9N+w4XmfoJrpvLknxz7d WjP4k4cOzGlbqTB5MMmR0jZ/HmrmeY9c1nXeiUkVQyn/SmtU8Luu4s1FSLyLpczU LovFFgeiGfUnl6JTZnoLaxPfXqJc8+6cUy3aR6zYYzc1kTMqRairzpxtpv/lOdMj v0faVSiKzw/WZfxoDQjOnU8t2ZA1pkkcMXfx1aWRiFU/uYYpokr7/wiHqwaw/771 sTkMytaAiaKz9wIDAQABo4HqMIHnMB0GA1UdDgQWBBRDMksO7uSs1dV51to6DSxg Ljv7ozCBjwYDVR0jBIGHMIGEgBRdvo/N0BsWiTlMIxWnuYnjHBscLqFWpFQwUjEL MAkGA1UEBhMCUEwxDzANBgNVBAcMBldhcnNhdzEYMBYGA1UECgwPKi5sb2NhbCBk b21haW5zMRgwFgYDVQQDDA8qLmxvY2FsIGRvbWFpbnOCFBOx9Q6SP/b7BgER+Bfs RHhcEd5MMAsGA1UdDwQEAwIF4DATBgNVHSUEDDAKBggrBgEFBQcDATASBgNVHREE CzAJggcqLmxvY2FsMA0GCSqGSIb3DQEBCwUAA4ICAQBIkrGxh+lLF1ebhc8kyMOj D+95d/fR9IOh6dvaCzp2wUBB+COHTP6u5pqIY0FYm3I/NepFiXSj0WCOUne9eHMt GT1wlzML1ybC1R8ZB2Fbt2I+onTfU5Bn+BombJWmP8eOJ5TdxDML5R3x5T6IJvvj JmhTozdW7tv2accG7GUzMiUzweCcRutE7wePvkDGZkpKpgMwPbSA6DCodINs3gxZ N9B71dvihvXDO0xCgERc8mEoEq93gwojhPv3PVGvADm7GkqJYeFwkhWBF3aKmqu8 kgXh4HoR6JwSrHpJtaQL6splyV4lvU7LAGXmELFFsqFtFJdLKnd4GUEXUHQGL4b/ Iu1vtx9ccR0smPYXMdee8DesqVdL/96OV1vRvE2m630VfoBNjM3add7ABC/1yDMn qzC9e9tOyQTs5JuQPmRER6lQnhYd4+eJwrDHRFfTwC+RFaM/7iM/FOwrev0LJRZ/ t4cpaT0KpyYd/lnkhRPTlrZXBTqs+FK5zDTLnwfrSjGV7eK5EApRb6VYFsl4BjjH XPNbws03wNzWfbDrttb+RSlz2uO+Cf2wNhLYVdtDUJ+iZBupyoHuLkHrOU44e+G+ /ZjJq6CfBfyGpU5c6O8u6OgcUWy2OUk0KHz/EeYnAt44ZytB4ojDYjz4nK3sz/Ua MZu2hVigIh6zh/kd2TEj7w==


END CERTIFICATE-----

Χρήσιμο;

more options

I have found what is wrong. FF does not accept wildcards for the top level domains, so I can't issue a cert for *.local, but I can for *.project.local

Χρήσιμο;

more options

That makes sense. Thank you for reporting back on that.

Χρήσιμο;

Κάντε μια ερώτηση

Πρέπει να συνδεθείτε στο λογαριασμό σας για να απαντήσετε στις δημοσιεύσεις. Παρακαλούμε ξεκινήστε μια νέα ερώτηση, αν δεν έχετε ήδη λογαριασμό.