SSL Certificate error

Question

I'm using wild card certificate on F5 to offload SSL for my Web-Servers. Already upload wildcard certificate to F5 without any issue. Currently, when try access the url for my Web Server get the error on web browser:
NET::ERR_CERT_COMMON_NAME_INVALID&nbsp;
The url that I´m trying is:
https://service.external.mydomain.com.br&nbsp;
My certificate in my New Client-SSL profile is:&nbsp;
Common name: *.mydomain.com.br&nbsp;
Organization: MyDomain C.O.&nbsp;
Location: My CITY, MyState, MyCountry&nbsp;
Valid from Jan 01, 2019 to December 12, 2020&nbsp;
Encryption Issuer: MyCA-corp RSA CA 2019&nbsp;
Any input?&nbsp;

_maxmau5__37763 · Answer

Have you tried other browsers? I know there are some weird chrome bugs with this wanting alternative names and the like. &nbsp;
Can you paste your certificate key chain from your SSL profile (minus anything identifying oc)&nbsp;

brangel_250165 · Answer

Yes, for others Browsers:&nbsp;
Firefox:
SSL_ERROR_BAD_CERT_DOMAIN&nbsp;
MS Edge:
DLG_FLAGS_SEC_CERT_CN_INVALID&nbsp;
Chrome:
NET::ERR_CERT_COMMON_NAME_INVALID&nbsp;

andrew_husking · Answer

Wildcard certificates don’t go more than one level.&nbsp;
So *.example.com will cover external.example.com but not *.external.example.com&nbsp;
You either need to move the domain to be directly under example.com or get another wildcard for *.external.example.com&nbsp;

surgeon · Answer

Have you checked your cert? The actual cert is different from the cert you are providing.&nbsp;Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:a4:1c:d7:b3:65:58:be:59:5c:38:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Domain Validation CA - SHA256 - G2
        Validity
            Not Before: Oct 17 07:13:06 2017 GMT
            Not After : Dec 11 08:45:40 2020 GMT
        Subject: OU=Domain Control Validated, CN=cc.sedoparking.com 
        ... 
        X509v3 Subject Alternative Name:
                DNS:cc.sedoparking.com

Error tell everething you need

service.external.mydomain.com.br uses an invalid security certificate.   
The certificate is only valid for cc.sedoparking.com.   
Error code: SSL_ERROR_BAD_CERT_DOMAINUpdate you cert to a valid one.&nbsp;

Forum Discussion

SSL Certificate error

4 Replies

Recent Discussions

Default cert

Backup and synchronization - In case of a file created in bash

Standalone F5 Device Synchronization

Network failover - peer-offline

Problems connecting to vpn after upgrading to ubuntu 24.04

Related Content

SSL Certificate Report

Re: Management Certificate

Certifications for security professionals

Client ssl certification bulk installation

Certificate Expiry Email alert configuration