NetTalk Central

Author Topic: (SSL, Firefox) Wildcard not working for public site (port 80)  (Read 2675 times)

Stu

« on: January 29, 2013, 04:17:55 PM »
Hi Folks,

Have got a wildcard SSL certificate (a proper expensive pay lots of money one).

Working great with Chrome and IE.

With Firefox, it works fine for our intranet (which has a custom port), BUT .. gives the following (screenshot attached) error when using Firefox to view our public site:

The certificate is only valid for "mail.<domainname>.com". (Error code: ssl_error_bad_cert_domain)

Not sure why this happens ONLY on Firefox.

I've googled around, but nothing springs out. Will keep looking.

Have had to remove the SSL functionality from our public site, so it's not available to test outside of my own dev machine at the moment.

Cheers,

Stu Andrews

kevin plummer

« Reply #1 on: January 29, 2013, 04:25:24 PM »
Stu, try connecting from Firefox on a machine that has not connected to your site before. I had a similar problem in Firefox where it "remembered" the error even after I fixed the problem. Other Firefox users were not seeing the error I was seeing. May be the same thing...

Kev

Bruce

« Reply #2 on: January 29, 2013, 09:26:22 PM »
Are you sure it was on port 80? SSL is usually on port 443?
On the other hand you have it working in Chrome, so probably just a typo.

What's interesting is that it says it's only valid for "mail.whatever.com" - which seems to imply that it doesn't see it as a wildcard cert. I'm not sure what that means though. Perhaps as Kevin says some caching somewhere? Did you have it tested with the mail.whatever.com certificate while in development?

cheers
Bruce
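
An added example (not code from this thread or from NetTalk) for reading an `ssl_error_bad_cert_domain` report: it checks which names a certificate covers and separates "the wildcard does not cover this host" from "a different certificate was served". The certificate dicts are constructed samples shaped like the output of Python's `ssl.SSLSocket.getpeercert()`, the `example.com` names are placeholders, and the `diagnose` labels assume a wildcard certificate was expected.

```python
# Constructed sample certificates (placeholder names, not from the thread).
WILDCARD_CERT = {
    "subject": ((("commonName", "*.example.com"),),),
    "subjectAltName": (("DNS", "*.example.com"), ("DNS", "example.com")),
}
MAIL_CERT = {"subject": ((("commonName", "mail.example.com"),),)}


def cert_dns_names(cert):
    """DNS names a certificate claims: SAN entries, else legacy commonName."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:  # fallback only when the certificate has no SAN at all
        for rdn in cert.get("subject", ()):
            names += [v for k, v in rdn if k == "commonName"]
    return names


def name_matches(pattern, hostname):
    """Compare one certificate name with a hostname, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        # '*' stands for exactly one left-most label; reject '*.com'.
        return len(p) >= 3 and h[0] != "" and p[1:] == h[1:]
    return p == h


def diagnose(cert, hostname):
    """Classify a name check, assuming a wildcard certificate was expected."""
    names = cert_dns_names(cert)
    if any(name_matches(n, hostname) for n in names):
        return "ok"
    if any(n.startswith("*.") for n in names):
        return "wildcard-does-not-cover-host"
    # No wildcard name at all: this endpoint presented some other certificate.
    return "different-certificate-served"


if __name__ == "__main__":
    for cert, host in [(WILDCARD_CERT, "www.example.com"),
                       (WILDCARD_CERT, "a.b.example.com"),
                       (MAIL_CERT, "www.example.com")]:
        print(host, cert_dns_names(cert), diagnose(cert, host))
```
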

Stu

« Reply #3 on: January 30, 2013, 04:16:49 PM »
Thanks Kevin and Bruce.

1. Definitely worked fine with Chrome. Not sure about IE, didn't test. Had to pull it down straight away and put back up the non-SSL server.

2. It's the visitors that are experiencing this, general population. So I can't get them to refresh or really give them any instructions at all .. It just has to work.

3. What I will do is put it back up late one night and do some further testing then. Maybe hit up the Skype channel to have a look.

4. The "mail.sandersnoonan.com" is .. Oh. Just realised. Hmmmm. I was vpn'd into the network on the machine that came up on. Which means the internal rules are screwing with it. Right.

Okay.

Basically, MORE TESTING is needed.

Thanks again guys.
Cheers,

Stu Andrews

Bruce

« Reply #4 on: January 30, 2013, 09:57:14 PM »
Hi Stu,

Nothing stops you running the non-SSL server and the SSL server at the same time. They're on different ports (80 / 443) so they don't clash.

You can even make them separate EXEs - each just doing the one port - so you can test "live" while having the non-SSL site live as well.

Of course in this approach, your SSL Exe should only have the one server object - not the (common) approach of 2 objects - with the one object (on port 80) redirecting to the SSL port.

cheers
Bruce

Rob Kolanko

« Reply #5 on: January 31, 2013, 08:46:28 AM »
Hi
I had the same or similar Firefox message appear with a regular SSL certificate, which also worked fine in IE. My solution was to add the intermediate certificate that came as a separate certificate file from the register to the site certificate.
See http://www.capesoft.com/docs/NetTalk7/NetTalkWebSecure.htm#UsingIntermediateCertificates
I hope this helps.
Rob

Stu

« Reply #6 on: January 31, 2013, 06:39:58 PM »
Thanks Bruce, very cool!

Rob, nice one. I do remember reading the Intermediate Certificate stuff (after a prod from Bruce). And I think it actually does have the intermediate stuff put in there .. Maybe that's the problem.

Cheers.
Cheers,

Stu Andrews