搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

Why do I get sec_error_bad_der on FF and "Subject CN in certificate not server name or identical to CA!?" on server - works with Chrome/IE

  • 1 个回答
  • 17 人有此问题
  • 1 次查看
  • 最后回复者为 tdeleeuw

more options

I have setup a CA hierarchy and generated the server certificate (DN is CN = tools.xxx.com,OU = IT,O = XXX,DC = tools,DC = office,DC =xxx,DC = com) as AltName, I have DNS Name: tools.xxx.com. I have also created user Certificates (DN is [email protected],CN=Me,OU=IT,O=XXX,DC=office,DC=xxx,DC=com)

I have enabled the Mutual SSL auth.

When I connect with IE or chrome, I have no problem. When I try to connect using FF, I get ion FF "sec_error_bad_der" and in the log of the server I get "SSL Library Error: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate (SSL alert number 42) -- Subject CN in certificate not server name or identical to CA!?" This happens as soon as I click Ok or cancel after having selected the certificate

SSL Labs does not seem to find any issue with the server itslef...

I have setup a CA hierarchy and generated the server certificate (DN is CN = tools.xxx.com,OU = IT,O = XXX,DC = tools,DC = office,DC =xxx,DC = com) as AltName, I have DNS Name: tools.xxx.com. I have also created user Certificates (DN is [email protected],CN=Me,OU=IT,O=XXX,DC=office,DC=xxx,DC=com) I have enabled the Mutual SSL auth. When I connect with IE or chrome, I have no problem. When I try to connect using FF, I get ion FF "sec_error_bad_der" and in the log of the server I get "SSL Library Error: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate (SSL alert number 42) -- Subject CN in certificate not server name or identical to CA!?" This happens as soon as I click Ok or cancel after having selected the certificate SSL Labs does not seem to find any issue with the server itslef...

所有回复 (1)

more options

Of course, if needed, I can provide the full CA chain and the relevant certificates (no private key sorry ;-))