搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

Why do I get sec_error_bad_der on FF and "Subject CN in certificate not server name or identical to CA!?" on server - works with Chrome/IE

  • 1 回覆
  • 17 有這個問題
  • 1 次檢視
  • 最近回覆由 tdeleeuw

more options

I have setup a CA hierarchy and generated the server certificate (DN is CN = tools.xxx.com,OU = IT,O = XXX,DC = tools,DC = office,DC =xxx,DC = com) as AltName, I have DNS Name: tools.xxx.com. I have also created user Certificates (DN is E=me@xxx.com,CN=Me,OU=IT,O=XXX,DC=office,DC=xxx,DC=com)

I have enabled the Mutual SSL auth.

When I connect with IE or chrome, I have no problem. When I try to connect using FF, I get ion FF "sec_error_bad_der" and in the log of the server I get "SSL Library Error: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate (SSL alert number 42) -- Subject CN in certificate not server name or identical to CA!?" This happens as soon as I click Ok or cancel after having selected the certificate

SSL Labs does not seem to find any issue with the server itslef...

I have setup a CA hierarchy and generated the server certificate (DN is CN = tools.xxx.com,OU = IT,O = XXX,DC = tools,DC = office,DC =xxx,DC = com) as AltName, I have DNS Name: tools.xxx.com. I have also created user Certificates (DN is E=me@xxx.com,CN=Me,OU=IT,O=XXX,DC=office,DC=xxx,DC=com) I have enabled the Mutual SSL auth. When I connect with IE or chrome, I have no problem. When I try to connect using FF, I get ion FF "sec_error_bad_der" and in the log of the server I get "SSL Library Error: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate (SSL alert number 42) -- Subject CN in certificate not server name or identical to CA!?" This happens as soon as I click Ok or cancel after having selected the certificate SSL Labs does not seem to find any issue with the server itslef...

所有回覆 (1)

more options

Of course, if needed, I can provide the full CA chain and the relevant certificates (no private key sorry ;-))