Can not add exception to wildcard certificate in PM 27

Posted: 2016-12-04, 15:02
by staff089
Hi all,

opening https://m.kingbriteled.en.alibaba.com/ I get an error:
m.kingbriteled.en.alibaba.com uses an invalid security certificate.
The certificate is only valid for the following names: *.en.alibaba.com, en.alibaba.com
(Error code: ssl_error_bad_cert_domain)


screenshot Palemoon 27.0.2:
2016-12-04 15_42_43-Untrusted Connection - Pale Moon_27.0.2.png
I don't know what is wrong. They provide a wildcard cert that matches the host name.
Anyway, BUT it is not possible to add an exception for this - there is no button "Add exception..."
If I use PM 26.4.0 or FF 50.0.2 there is the button and I can add the exception.
Any help?

screenshot PM 26.4.0:
2016-12-04 15_44_07-Untrusted Connection - Pale Moon_26.4.0.png
screenshot PM 26.4.0, adding exception:
2016-12-04 15_44_07-Untrusted Connection - Pale Moon_26.4.0_add_exception.gif

Re: Can not add exception to wildcard certificate in PM 27

Posted: 2016-12-04, 15:23
by Moonchild
staff089 wrote: I don't know what is wrong. They provide a wildcard cert that matches the host name.
No, it doesn't match the host name.

*.domain.tld is valid for something.domain.tld but NOT for something.something.domain.tld

(So in this particular case the cert would be valid for kingbriteled.en.alibaba.com but NOT for m.kingbriteled.en.alibaba.com)

Also, you have the option to add an exception, regardless of this error, if you understand the risks (but I don't think you do ;) ). By default this kind of cert problem doesn't allow exceptions because something *is* very wrong there and shouldn't just be ignored.
You can force the visibility of adding an exception if you change browser.xul.error_pages.expert_bad_cert to true
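
The matching rule described in the post above, as an added example that is not part of the original thread and is not Pale Moon's or NSS's code. It is a simplified model for DNS names only; the function names, the rejection of partial wildcards and the minimum of two literal labels after `*` are assumptions of this sketch.

```python
"""Simplified model of wildcard certificate name matching (RFC 6125 style).
Added illustration; not Pale Moon's or NSS's actual code."""


def _labels(name):
    # DNS names compare case-insensitively; a trailing dot is the same name.
    return name.rstrip(".").lower().split(".")


def name_matches(pattern, hostname):
    """True if one certificate dNSName `pattern` covers `hostname`."""
    p, h = _labels(pattern), _labels(hostname)
    if "" in p or "" in h:
        return False          # empty label: malformed name
    if len(p) != len(h):
        return False          # '*' stands for exactly one label, never several
    if p[0] == "*":
        # Wildcard is honoured only as the whole leftmost label.
        # Assumption: '*' needs at least two literal labels after it,
        # and no further '*' may appear to its right.
        return len(p) > 2 and "*" not in "".join(p[1:]) and p[1:] == h[1:]
    # Assumption: partial wildcards such as 'f*.example.com' are rejected.
    return "*" not in pattern and p == h


def covering_names(cert_names, hostname):
    """Return the certificate names that cover `hostname` (empty = mismatch)."""
    return [n for n in cert_names if name_matches(n, hostname)]


# Names taken from the error message quoted in this thread.
CERT_NAMES = ["*.en.alibaba.com", "en.alibaba.com"]

if __name__ == "__main__":
    for host in ("m.kingbriteled.en.alibaba.com",
                 "kingbriteled.en.alibaba.com",
                 "en.alibaba.com"):
        hits = covering_names(CERT_NAMES, host)
        print(f"{host:32} -> {hits or 'ssl_error_bad_cert_domain'}")
```
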

Re: Can not add exception to wildcard certificate in PM 27

Posted: 2016-12-04, 15:28
by dark_moon
Welcome to the forum!

First, if I test the site's SSL/TLS security on https://www.ssllabs.com/ssltest/analyze ... libaba.com I get: Certificate name mismatch
Then I force the scan and get:
This server's certificate is not trusted, see below for details.
This server uses SSL 3, which is obsolete and insecure. Grade capped to B.
This server uses RC4 with modern protocols. Grade capped to C.
The server does not support Forward Secrecy with the reference browsers.

So very old and insecure, and Pale Moon protects you.