Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral


SSL Certificate error

I'm using a wildcard certificate on F5 to offload SSL for my web servers. I have already uploaded the wildcard certificate to F5 without any issue. Currently, when I try to access the URL for my web server, I get this error in the web browser: NET::ERR_CERT_COMMON_NAME_INVALID

The URL that I'm trying is: https://service.external.mydomain.com.br

My certificate in my New Client-SSL profile is:

Common name: *.mydomain.com.br

Organization: MyDomain C.O.

Location: My CITY, MyState, MyCountry

Valid from Jan 01, 2019 to December 12, 2020

Encryption Issuer: MyCA-corp RSA CA 2019

Any input?

0

Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Wildcard certificates don’t go more than one level.

So *.example.com will cover external.example.com but not *.external.example.com

You either need to move the domain to be directly under example.com or get another wildcard for *.external.example.com

1
Comments on this Answer
Comment made 1 month ago by Ryan 860

I was going to say the same thing :)

0
Comment made 1 month ago by brangel 1

Thanks, it was what the C.A. told me; the customer will issue a new cert. ;)

0
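The one-label wildcard rule from the answer above, as an added example (not part of the original thread and not F5 code): a small matcher for certificate DNS names that applies the left-most-label rule and explains a mismatch. The function names are hypothetical, and the hostnames are the placeholders used in the question.

```python
# Added example: wildcard matching for certificate DNS names.
# Simplified: no IDN handling and no public-suffix restrictions.

def labels(name):
    # Compare case-insensitively and ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")

def name_matches(pattern, hostname):
    """True if one certificate DNS name (possibly a wildcard) covers hostname."""
    p, h = labels(pattern), labels(hostname)
    # A wildcard is accepted only as the entire left-most label.
    if "*" in "".join(p[1:]) or ("*" in p[0] and p[0] != "*"):
        return False
    if len(p) != len(h):
        return False  # "*" stands for exactly one label, never several or none
    if p[0] == "*":
        return bool(h[0]) and p[1:] == h[1:]
    return p == h

def diagnose(hostname, cert_names):
    """Return (ok, reason) for a hostname checked against a cert's DNS names."""
    for name in cert_names:
        if name_matches(name, hostname):
            return True, f"covered by {name}"
    h = labels(hostname)
    for name in cert_names:
        base = labels(name)[1:]
        # Hostname sits deeper under the wildcard's base domain than one label.
        if name.startswith("*.") and len(h) > len(base) + 1 and h[-len(base):] == base:
            need = ".".join(["*"] + h[1:])
            return False, f"{name} spans one label only; need {need} or {hostname} itself"
    return False, "no certificate name matches"

# Constructed input: the placeholder names used in the thread.
CERT_NAMES = ["*.mydomain.com.br"]

if __name__ == "__main__":
    for host in ("service.external.mydomain.com.br",
                 "external.mydomain.com.br",
                 "mydomain.com.br"):
        print(host, "->", diagnose(host, CERT_NAMES))
```
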
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Have you tried other browsers? I know there are some weird Chrome bugs with this wanting alternative names and the like.

Can you paste your certificate key chain from your SSL profile (minus anything identifying, of course)?

0
Comments on this Answer
Comment made 1 month ago by brangel 1

Yes, for other browsers:

Firefox: SSL_ERROR_BAD_CERT_DOMAIN

MS Edge: DLG_FLAGS_SEC_CERT_CN_INVALID

Chrome: NET::ERR_CERT_COMMON_NAME_INVALID

0
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Have you checked your cert? The actual cert is different from the cert you are providing.

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:a4:1c:d7:b3:65:58:be:59:5c:38:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Domain Validation CA - SHA256 - G2
        Validity
            Not Before: Oct 17 07:13:06 2017 GMT
            Not After : Dec 11 08:45:40 2020 GMT
        Subject: OU=Domain Control Validated, CN=cc.sedoparking.com 
        ... 
        X509v3 Subject Alternative Name:
                DNS:cc.sedoparking.com



The error tells you everything you need

service.external.mydomain.com.br uses an invalid security certificate.   
The certificate is only valid for cc.sedoparking.com.   
Error code: SSL_ERROR_BAD_CERT_DOMAIN

Update your cert to a valid one.

0
Comments on this Answer
Comment made 1 month ago by brangel 1

This is not my own cert... Thanks for your help

0
Comment made 1 month ago by surgeon

I am getting this cert while accessing https://service.external.mydomain.com.br. If this is the wrong cert, then you need to check where it is coming from.

0
Comment made 1 month ago by brangel 1

Thanks for your reply... the URL https://service.external.mydomain.com.br is a dummy URL, posted for customer privacy reasons ;)

We found the solution, which is already marked as the correct answer on this post....

Many thanks for your help

0
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Self-signed certificates aren't trusted by browsers because they are generated by your server, not by a CA mybkexperience.

0