Wildcard *.local certificate is not accepted
Reported by
jonathan...@gmail.com,
Jun 26 2017
Issue description

UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3137.0 Safari/537.36

Steps to reproduce the problem:
Create and sign an SSL certificate from a self managed CA. Include SAN for *.local
Make sure the server is serving the newly signed certificate
Go to a local site example.local
Full details can be found here: https://unix.stackexchange.com/questions/371997/creating-a-local-ssl-certificate/372393#372393

What is the expected behavior?
The site should be shown as secure in Chromium

What went wrong?
Chrome gives this error: ERR_CERT_COMMON_NAME_INVALID

Did this work before? No

Chrome version: 61.0.3137.0 Channel: n/a
OS Version:
Flash Version:
Jun 26 2017
I suspect this is working as intended, and the issue here is that it's not valid to issue a wildcard certificate for a top-level domain. The same error pattern is seen when you use a certificate with a SubjectAltName of *.com when navigating to example.com.
Jun 26 2017
Firefox and IE also block these certificates; Firefox provides a slightly more valuable error message "Error code: SSL_ERROR_BAD_CERT_DOMAIN"
Jun 26 2017
Correct. This is working as intended. There are challenges with renaming ERR_CERT_COMMON_NAME_INVALID to reflect that the certificate domain is bad, but that's a separate issue.
Comment 1 by elawrence@chromium.org, Jun 26 2017
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Bug
Summary: Wildcard *.local certificate is not accepted (was: Wild Card *.local SSL)
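
The rule the replies describe (a wildcard directly under a top-level domain, such as *.local or *.com, is not accepted), sketched as an added example; this is not part of the original thread and is not Chromium's code. The function names are hypothetical, and treating any single label to the right of the wildcard as a top-level domain is a simplifying assumption, since real clients consult a registry list.

```python
# Added example: simplified matcher for SubjectAltName dNSName entries.
# Not Chromium's implementation; names and the TLD heuristic are assumptions.

def _labels(name: str) -> list[str]:
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def wildcard_is_acceptable(pattern: str) -> bool:
    """True if a SAN pattern is a plain name or a wildcard a client would honour."""
    if "*" not in pattern:
        return True
    labels = _labels(pattern)
    # The wildcard must be the whole left-most label and appear only there.
    if labels[0] != "*" or any("*" in label for label in labels[1:]):
        return False
    # Assumption: a single remaining label (e.g. "local", "com") is a
    # top-level domain, so "*.local" and "*.com" are refused.
    return len(labels) >= 3


def san_matches(pattern: str, hostname: str) -> bool:
    """Match one SAN entry against the hostname being visited."""
    p, h = _labels(pattern), _labels(hostname)
    if "*" not in pattern:
        return p == h
    if not wildcard_is_acceptable(pattern):
        return False
    # A wildcard stands for exactly one label, never zero and never several.
    return len(p) == len(h) and p[1:] == h[1:]


def verify_hostname(sans: list[str], hostname: str) -> bool:
    """True if any SAN entry in the certificate covers the hostname."""
    return any(san_matches(s, hostname) for s in sans)


if __name__ == "__main__":
    # Constructed sample certificates (SAN lists) and hostnames.
    cases = [
        (["*.local"], "example.local"),              # the reported case
        (["*.com"], "example.com"),                  # same pattern, public TLD
        (["example.local"], "example.local"),        # exact name
        (["*.example.local"], "www.example.local"),  # wildcard one level down
    ]
    for sans, host in cases:
        verdict = "ok" if verify_hostname(sans, host) else "name mismatch"
        print(f"{host:20} SAN={sans} -> {verdict}")
```

For a private CA this means listing each hostname explicitly in the SAN, or placing hosts under a second-level name so the wildcard sits below it.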