Hilfe durchsuchen

Vorsicht vor Support-Betrug: Wir fordern Sie niemals auf, eine Telefonnummer anzurufen, eine SMS an eine Telefonnummer zu senden oder persönliche Daten preiszugeben. Bitte melden Sie verdächtige Aktivitäten über die Funktion „Missbrauch melden“.

Weitere Informationen

Why do I get sec_error_bad_der on FF and "Subject CN in certificate not server name or identical to CA!?" on server - works with Chrome/IE

  • 1 Antwort
  • 17 haben dieses Problem
  • 1 Aufruf
  • Letzte Antwort von tdeleeuw

more options

I have setup a CA hierarchy and generated the server certificate (DN is CN = tools.xxx.com,OU = IT,O = XXX,DC = tools,DC = office,DC =xxx,DC = com) as AltName, I have DNS Name: tools.xxx.com. I have also created user Certificates (DN is E=me@xxx.com,CN=Me,OU=IT,O=XXX,DC=office,DC=xxx,DC=com)

I have enabled the Mutual SSL auth.

When I connect with IE or chrome, I have no problem. When I try to connect using FF, I get ion FF "sec_error_bad_der" and in the log of the server I get "SSL Library Error: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate (SSL alert number 42) -- Subject CN in certificate not server name or identical to CA!?" This happens as soon as I click Ok or cancel after having selected the certificate

SSL Labs does not seem to find any issue with the server itslef...

I have setup a CA hierarchy and generated the server certificate (DN is CN = tools.xxx.com,OU = IT,O = XXX,DC = tools,DC = office,DC =xxx,DC = com) as AltName, I have DNS Name: tools.xxx.com. I have also created user Certificates (DN is E=me@xxx.com,CN=Me,OU=IT,O=XXX,DC=office,DC=xxx,DC=com) I have enabled the Mutual SSL auth. When I connect with IE or chrome, I have no problem. When I try to connect using FF, I get ion FF "sec_error_bad_der" and in the log of the server I get "SSL Library Error: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate (SSL alert number 42) -- Subject CN in certificate not server name or identical to CA!?" This happens as soon as I click Ok or cancel after having selected the certificate SSL Labs does not seem to find any issue with the server itslef...

Alle Antworten (1)

more options

Of course, if needed, I can provide the full CA chain and the relevant certificates (no private key sorry ;-))