When does Firefox throw ssl_error_bad_cert_domain with a wildcard certificate?

Submitted by 北战南征 on 2019-12-23 03:23:11

Question


I've searched through https://developer.mozilla.org/en-US/ and Google and still cannot learn exactly why Firefox would display its "This Connection is Untrusted" screen/UI with "(Error code: ssl_error_bad_cert_domain)" under "Technical Details".

Is it really as simple as "The SSL certificate common name does not match the fully qualified domain name (FQDN) of the webserver/website." ?

If so, then why wouldn't an SSL certificate with the common name "*.subdomain.mydomain.tld" work with the website "https://subdomain.mydomain.tld" and throw this specific error?


Answer 1:


If so, then why wouldn't an SSL certificate with the common name "*.subdomain.mydomain.tld" work with the website "https://subdomain.mydomain.tld" and throw this specific error?

A wildcard stands for a single label and not for nothing. That means *.subdomain.example.com does not match subdomain.example.com but it will match foo.subdomain.example.com. To match subdomain.example.com too the certificate has to include both *.subdomain.example.com and also subdomain.example.com as subject alternative names. Note that *.example.com would also match subdomain.example.com but not foo.subdomain.example.com.
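
The matching rule described in the answer above, as an added example that is not part of the original answer and is not Firefox's code. It is a simplified model: only a whole-label `*` in the left-most position is treated as a wildcard, names are plain ASCII, and the function names are hypothetical.

```python
# Added example: left-most-label wildcard matching as described in the answer.
# Simplified model (whole-label "*" only, ASCII names); not Firefox's code.

def name_matches(pattern, hostname):
    """Return True if one certificate name (pattern) covers hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard replaces exactly one label, so label counts must be equal.
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # "*" must stand for a non-empty left-most label; the rest is exact.
        return h_labels[0] != "" and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def cert_covers(san_dns_names, hostname):
    """True if any subjectAltName dNSName entry covers hostname."""
    return any(name_matches(n, hostname) for n in san_dns_names)


def missing_hosts(san_dns_names, hostnames):
    """Hostnames that would get a name-mismatch error with this certificate."""
    return [h for h in hostnames if not cert_covers(san_dns_names, h)]


if __name__ == "__main__":
    # Constructed sample data using the names from the answer.
    served = ["subdomain.example.com", "foo.subdomain.example.com"]
    for sans in (["*.subdomain.example.com"],
                 ["*.example.com"],
                 ["*.subdomain.example.com", "subdomain.example.com"]):
        print(sans, "-> not covered:", missing_hosts(sans, served))
```

Running `missing_hosts` against the list of hostnames a server actually answers for, before deploying a certificate, shows which names still need their own subject alternative name entry.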



Source: https://stackoverflow.com/questions/29018917/when-does-firefox-throw-ssl-error-bad-cert-domain-with-a-wildcard-certificate
