Can not add exception to wildcard certificate in PM 27

Users and developers helping users with generic and technical Pale Moon issues on all operating systems.
Please direct questions that are Mac or Linux-specific (dealing with installation and OS integration) to the appropriate Linux or Mac board.

Moderator: trava90

Forum rules
This board is for technical/general usage questions and troubleshooting for the Pale Moon browser only. The main focus here is on Pale Moon on Windows. Please direct your questions that are specific for Linux and Mac to the dedicated boards for those operating systems.
Technical issues and questions not related to the Pale Moon browser should be posted in other boards!
Please keep off-topic and general discussion out of this board, thank you!
Locked
staff089
Newbie
Newbie
Posts: 4
Joined: 2016-12-04, 14:24

Can not add exception to wildcard certificate in PM 27

Post by staff089 » 2016-12-04, 15:02

Hi all,

opening https://m.kingbriteled.en.alibaba.com/ I get an error:
m.kingbriteled.en.alibaba.com uses an invalid security certificate.
The certificate is only valid for the following names: *.en.alibaba.com, en.alibaba.com
(Error code: ssl_error_bad_cert_domain)

screenshot Palemoon 27.0.2:
2016-12-04 15_42_43-Untrusted Connection - Pale Moon_27.0.2.png
I don't know what is wrong. They provide a wildcard cert that matches the host name.
Anyway, BUT it is not possible to add an exception for this - there is no button "Add exception..."
If I use PM 26.4.0 or FF 50.0.2 there is the button and I can add the exception.
Any help?

screenshot PM 26.4.0:
2016-12-04 15_44_07-Untrusted Connection - Pale Moon_26.4.0.png
screenshot PM 26.4.0, adding exception:
2016-12-04 15_44_07-Untrusted Connection - Pale Moon_26.4.0_add_exception.gif
Top
User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 29203
Joined: 2011-08-28, 17:27
Location: Tranås, SE
Contact:
Contact Moonchild

Re: Can not add exception to wildcard certificate in PM 27

Post by Moonchild » 2016-12-04, 15:23

staff089 wrote:I don't know what is wrong. They provide a wildcard cert that matches the host name.
No, it doesn't match the host name.

*.domain.tld is valid for something.domain.tld but NOT for something.something.domain.tld

(So in this particular case the cert would be valid for kingbriteled.en.alibaba.com but NOT for m.kingbriteled.en.alibaba.com)

Also, you have the option to add an exception, regardless of this error, if you understand the risks (but I don't think you do ;) ). By default this kind of cert problem doesn't allow exceptions because something *is* very wrong there and shouldn't just be ignored.
You can force the visibility of adding an exception if you change browser.xul.error_pages.expert_bad_cert to true
"Son, in life you do not fight battles because you expect to win, you fight them merely because they need to be fought." -- Snagglepuss
Image
Top
dark_moon

Re: Can not add exception to wildcard certificate in PM 27

Post by dark_moon » 2016-12-04, 15:28

Welcome to the forum!

First, if i test the site SSL/ TLS security on https://www.ssllabs.com/ssltest/analyze ... libaba.com i get: Certificate name mismatch
Then i force the scan and get:
This server's certificate is not trusted, see below for details.
This server uses SSL 3, which is obsolete and insecure. Grade capped to B.
This server uses RC4 with modern protocols. Grade capped to C.
The server does not support Forward Secrecy with the reference browsers.

So very old an unsecure and Pale Moon protect you.
Top
Locked

Return to “General support”