0

Wildcard certificates for *.company.com are not supposed to be valid for company.com. Yet familysearch.org uses a wildcard certificate *.familysearch.org.

Neither Chrome, Firefox, IE, wget, nor curl complain about it. Why? Interestingly, does complain. Who's correct?

curl snippet:

* Server certificate:
*        subject: C=US; postalCode=84150; ST=Utah; L=Salt Lake City; street=50 East North Temple Street; O=Intellectual Reserve Inc.; OU=PremiumSSL Wildcard; CN=*.familysearch.org
*        start date: 201
*        expire date: 201
*        subjectAltName: familysearch.org matched
*        issuer: C=G
*        SSL certificate verify ok.

Chrome screenshot:


cfhttp error:

Charset [empty string] 
ErrorDetail I/O Exception: Name in certificate `*.familysearch.org' does not match host name `familysearch.org' 
Filecontent Connection Failure 
Header  [empty string] 
Mimetype    Unable to determine MIME type of file. 
Responseheader  struct [empty]

Statuscode  Connection Failure. Status code unavailable. 
Text    YES 
4

1 Answer

6

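The certificate in question has a Subject Alternative Name (SAN) of familysearch.org. Therefore, the certificate is valid for both *.familysearch.org and familysearch.org.

FYI, curl actually lets you know this with the following line:

subjectAltName: familysearch.org matched

answered 2013-08-01T15:43:33.573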
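
The matching rule the answer relies on, as an added example (not code from the original post or from curl): a simplified RFC 6125-style matcher in which a wildcard covers exactly one leftmost label and SAN dNSName entries take precedence over the CN. The certificate dictionaries and function names are constructed for illustration, and the wildcard SAN entry is an assumption, since the page only shows that familysearch.org appears in the SAN.

```python
# Added example: simplified RFC 6125-style DNS name matching.
# Certificate contents below are constructed; only the CN and the
# "familysearch.org" SAN entry are taken from the curl output on the page.

def label_match(pattern: str, hostname: str) -> bool:
    """Match one presented identifier against a hostname.

    A wildcard is honoured only as the complete leftmost label and stands
    for exactly one label, so *.example.org never covers example.org.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Require at least two fixed labels so "*.org" is rejected.
        if len(p_labels) < 3 or not h_labels[0]:
            return False
        return p_labels[1:] == h_labels[1:]
    return "*" not in pattern and p_labels == h_labels


def cert_matches(cert: dict, hostname: str) -> bool:
    """Use SAN dNSName entries when present; fall back to CN only if none exist."""
    names = cert.get("san_dns") or [cert["cn"]]
    return any(label_match(n, hostname) for n in names)


def cn_only_matches(cert: dict, hostname: str) -> bool:
    """A check that ignores SAN entirely and compares just the subject CN."""
    return label_match(cert["cn"], hostname)


CERT_WITH_APEX_SAN = {"cn": "*.familysearch.org",
                      "san_dns": ["*.familysearch.org", "familysearch.org"]}
CERT_WILDCARD_ONLY = {"cn": "*.familysearch.org",
                      "san_dns": ["*.familysearch.org"]}

if __name__ == "__main__":
    for host in ("familysearch.org", "www.familysearch.org", "a.b.familysearch.org"):
        print(host,
              cert_matches(CERT_WITH_APEX_SAN, host),
              cert_matches(CERT_WILDCARD_ONLY, host),
              cn_only_matches(CERT_WITH_APEX_SAN, host))
```

The SAN-aware check accepts the apex name only because it is listed explicitly, while the CN-only check rejects it with the same kind of name mismatch as the error quoted in the question.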