Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Error code: SSL_ERROR_BAD_CERT_DOMAIN - certificate is not valid for the following names

more options

Hi,

i have a problem with certificates for local domains. An app for compiling Sass files (CodeKit) provides a local server on the Mac. The app creates a root certificate (authority certificate) which I have imported into Firefox (Prefs -> Privacy & Security -> View Certificates -> Authorities -> Import).

When I now call the URL generated by the app in Firefox (https://marios-imac.local:5757/) I get the error message "SSL_ERROR_BAD_CERT_DOMAIN" and "The certificate is only valid for the following names:" But this list shows the correct URL! I have attached two screenshots.

Calling the TLS URL in Safari, Chrome and Opera works without any error message!

Is this a bug or am I doing something wrong? I have already deleted Firefox completely and created a new user account (for Firefox and in Mac OS X), but nothing has helped.

Mario

Hi, i have a problem with certificates for local domains. An app for compiling Sass files (CodeKit) provides a local server on the Mac. The app creates a root certificate (authority certificate) which I have imported into Firefox (Prefs -> Privacy & Security -> View Certificates -> Authorities -> Import). When I now call the URL generated by the app in Firefox (https://marios-imac.local:5757/) I get the error message "SSL_ERROR_BAD_CERT_DOMAIN" and "The certificate is only valid for the following names:" But this list shows the correct URL! I have attached two screenshots. Calling the TLS URL in Safari, Chrome and Opera works without any error message! Is this a bug or am I doing something wrong? I have already deleted Firefox completely and created a new user account (for Firefox and in Mac OS X), but nothing has helped. Mario
Attached screenshots

All Replies (9)

more options

There is security software like Avast, Kaspersky, BitDefender and ESET that intercept secure connections and send their own certificate.

https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can

https://support.mozilla.org/en-US/kb/firefox-and-other-browsers-cant-load-websites

https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message

https://support.mozilla.org/en-US/kb/connection-untrusted-error-message

http://kb.mozillazine.org/Error_loading_websites


  • uses an invalid security certificate SSL_ERROR_BAD_CERT_DOMAIN
  • configured their website improperly

How to troubleshoot the error code "SEC_ERROR_UNKNOWN_ISSUER" on secure websites https://support.mozilla.org/en-US/kb/troubleshoot-SEC_ERROR_UNKNOWN_ISSUER

more options

Thanks for your reply!

I don't use any security software on my Mac.

And the error message is "SSL_ERROR_BAD_CERT_DOMAIN" and not "SEC_ERROR_UNKNOWN_ISSUER".

The second message says that the certificate is not valid for the URL, but the called URL is included in the list of valid URLs!

more options

If you can post the whole error message, someone else may be able to explain the problem.

more options

In your original screenshot, the list contains an asterisk followed by a question mark in a box and a close parenthesis. Perhaps the SAN list in the certificate is corrupted and Firefox, while displaying the list, is refusing to use any of it?

more options

FredMcD said

If you can post the whole error message, someone else may be able to explain the problem.

This was the whole message. The only part that was missing was the certificate chain.

more options

jscher2000 said

In your original screenshot, the list contains an asterisk followed by a question mark in a box and a close parenthesis. Perhaps the SAN list in the certificate is corrupted and Firefox, while displaying the list, is refusing to use any of it?

I've noticed that too. And every time I restart Firefox and call the URL this entry changes. (see screenshots attached) I have no idea what this entry means and where it comes from.

more options

It must have something to do with the DNS resolving! I just noticed that if I use the IP as URL (https://192.168.178.20:5757) it works without any error message!

I really don't know where else to look.

more options

Is the IP address the main subject of the certificate, or is it only listed on the SAN list? If it's only on the SAN list, my "corrupted list" theory would be disproven and we'd need to consider whether perhaps .local domains are treated specially for some reason.

more options

It's only listet in the SAN List:

Not Critical DNS Name: *.local IP Address: fe80::4922:2219:b527:7193 DNS Name: localhost DNS Name: Marios-iMac.fritz.box IP Address: 192.168.178.20 IP Address: ::1 IP Address: 2a02:8109:1540:4a54:8f2:a266:bdb0:2ea8 DNS Name: marios-imac.local IP Address: fe80::1 IP Address: fe80::1caf:3c:ba80:b29 IP Address: fe80::6c80:878b:167e:4f55 IP Address: fe80::b4f5:ffff:fe6f:b855 DNS Name: marios-imac.fritz.box IP Address: 2a02:8109:1540:4a54:f5ed:3059:18c0:d5f0 IP Address: 127.0.0.1