SID-02434: Firefox thinks cert is invalid upon login
| Status: |
Answered |
TWiki version: |
6.1.0 |
Perl version: |
|
| Category: |
CategoryAuthentication |
Server OS: |
|
Last update: |
5 years ago |
When I go to twiki.org, and start to login, Firefox (latest version) gives the following error screen(s):
Warning: Potential Security Risk Ahead
Firefox detected a potential security threat and did not continue to www.twiki.org. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details.
What can you do about it?
The issue is most likely with the website, and there is nothing you can do to resolve it. You can notify the website’s administrator about the problem.
Learn more…
Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for www.twiki.org. The certificate is only valid for the following names: develop.twiki.org, structuredwikis.com, thoeny.org, twiki.org, twikiapps.com
Error code: SSL_ERROR_BAD_CERT_DOMAIN
View Certificate
The difference I see is that it thinks I'm going to www.twiki.org, but the cert is valid for twiki.org (without the www. prefix)
Chrome does not have this issue.
--
David Tremain - 2020-03-14
Discussion and Answer
Yea, this is an inconvenience when trying to access TWiki.org with the www prefix. All links we publish point to twiki.org without the prefix. I tried to do an Apache rewrite, but the TLS/SSL handshake is done before the redirect (for details see
https://serverfault.com/questions/360979/is-there-a-way-to-access-mod-rewrite-before-mod-ssl
)
--
Peter Thoeny - 2020-03-14
The problem appears to be that Firefox prepends www. to the url when you enter just twiki.org
Chrome doesn't.
I'll rattle Firefox's cage about this.
--
David Tremain - 2020-03-16
If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.