Ce site disposera de fonctionnalités limitées pendant que nous effectuons des opérations de maintenance en vue de vous proposer un meilleur service. Si un article ne règle pas votre problème et que vous souhaitez poser une question, notre communauté d’assistance est prête à vous répondre via @FirefoxSupport sur Twitter, et /r/firefox sur Reddit.

Rechercher dans l’assistance

Évitez les escroqueries à l’assistance. Nous ne vous demanderons jamais d’appeler ou d’envoyer un SMS à un numéro de téléphone ou de partager des informations personnelles. Veuillez signaler toute activité suspecte en utilisant l’option « Signaler un abus ».

En savoir plus

SSL_ERROR_BAD_CERT_DOMAIN in Firefox 101.0

  • 1 réponse
  • 1 a ce problème
  • 13 vues
  • Dernière réponse par cor-el

more options

Hello

We use our own CA to secure some websites on the internal network. Until version 101.0, the SSL was working correctly. I have updated today to firefox 101 and all our internal websites started giving SSL_ERROR_BAD_CERT_DOMAIN. There are no issues with external CA issued certificates, so I'm assuming it is something related to the way we generate the certificates. Were there any changes done at version 101 which might reject certificates with a valid common name? Is there a way to disable it and revert to version 100 options?

Thank you

Hello We use our own CA to secure some websites on the internal network. Until version 101.0, the SSL was working correctly. I have updated today to firefox 101 and all our internal websites started giving SSL_ERROR_BAD_CERT_DOMAIN. There are no issues with external CA issued certificates, so I'm assuming it is something related to the way we generate the certificates. Were there any changes done at version 101 which might reject certificates with a valid common name? Is there a way to disable it and revert to version 100 options? Thank you

Toutes les réponses (1)

more options

See Changed in the Firefox 101 release notes.

Removed "subject common name" fallback support from certificate validation. This fallback mode was previously enabled only for manually installed certificates. The CA Browser Forum Baseline Requirements have required the presence of the "subjectAltName" extension since 2012, and use of the subject common name was deprecated in RFC 2818.