SID-02434: Firefox thinks cert is invalid upon login

Status:	Answered	TWiki version:	6.1.0	Perl version:
Category:	CategoryAuthentication	Server OS:		Last update:	5 years ago

When I go to twiki.org, and start to login, Firefox (latest version) gives the following error screen(s):

Firefox detected a potential security threat and did not continue to www.twiki.org. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details.

What can you do about it?

The issue is most likely with the website, and there is nothing you can do to resolve it. You can notify the website’s administrator about the problem.

Learn more…

Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for www.twiki.org. The certificate is only valid for the following names: develop.twiki.org, structuredwikis.com, thoeny.org, twiki.org, twikiapps.com

Error code: SSL_ERROR_BAD_CERT_DOMAIN

View Certificate

Chrome does not have this issue.

-- David Tremain - 2020-03-14

Discussion and Answer

Yea, this is an inconvenience when trying to access TWiki.org with the www prefix. All links we publish point to twiki.org without the prefix. I tried to do an Apache rewrite, but the TLS/SSL handshake is done before the redirect (for details see https://serverfault.com/questions/360979/is-there-a-way-to-access-mod-rewrite-before-mod-ssl)

-- Peter Thoeny - 2020-03-14

The problem appears to be that Firefox prepends www. to the url when you enter just twiki.org Chrome doesn't. I'll rattle Firefox's cage about this.

-- David Tremain - 2020-03-16

If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.