Stephan

Reputation: 1868

Certificate working on IP but not on URL

I have a problem accessing my site (on HTTPS) with IEMobile 9 (WP 7.5).

It says it's got a problem with the certificate, as if it wasn't valid. Everything works on any other browser or platform I tested (Android (several phones and a Galaxy Tab with stock browser, Firefox, Opera, Dolphin), iOS (iPhone and iPad with Safari and Chrome), an old Nokia with Symbian, Windows 7, Linux and Mac).

To try to solve this I saved the certificate (.cer) on the server and accessed it from the phone browser. It always complained except when I accessed it through the server IP (192.168.xx.xx). At that point it (said it) installed the certificate correctly. If I then try to access index.html, still using the IP, all works fine and it doesn't complain about the certificate. If, though, I try to access the index using the actual URL (blah.myblah.com), it complains again about the certificate, as if it wasn't installed!

It isn't a DNS problem, because that's up and serving the right IP, and the phone is correctly set up to use it.

The certificate is signed by GeoTrust/RapidSSL for *.myblah.com.

Upvotes: 1

Views: 542

Answers (2)

Grasshopper

Reputation: 1769

I have had issues with certificates related to how some HTTP over TLS implementations look for SubjectAltName (SAN). RFC 2818 states that, if the hostname is a DNS entry, implementations must check the hostname against the subjectAltName extension array, looking for a DNS entry that matches the host. In case there's no subjectAltName, CommonName is used. If the hostname is an IP, the certificate must contain a subjectAltName IP entry matching the IP. Also note that wildcard certificates are being discouraged by the newer RFC 6125, so MAYBE Windows Phone is already enforcing this, although I might be wrong.

My first step would be to check the SAN portion of the certificate and make sure it has a DNS entry matching your site's host.

Upvotes: 0

Marc B

Reputation: 360662

That's normal. Certificates are issued to a particular host+domain name. Basically, SSL's validation code will have something like

if (requested host name != certificate issued hostname) {
    issue security alert
}

so you're doing

if (192.168.xx.xx != example.com) {

and get the security warning.

Upvotes: 1
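
Added example, not part of either answer and not any browser's actual code: the name-matching rules the answers describe (dNSName SAN first, CommonName only when no dNSName is present, iPAddress SAN for an IP in the URL), written as a small Python checker. The function names, the 192.0.2.10 address and the certificate field values are constructed for illustration; only `*.myblah.com` and `blah.myblah.com` come from the question.

```python
import ipaddress

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def dns_match(pattern, host):
    # Case-insensitive, label-by-label comparison of one dNSName against the host.
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Assumption (stricter than RFC 2818, in the spirit of RFC 6125): "*" must be
        # the entire left-most label, stands for exactly one label, and needs at
        # least two labels after it, so "*.com" never matches.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def verify_host(host, san_dns=(), san_ip=(), common_name=None):
    """Return (ok, reason) for the name the client asked for."""
    if is_ip(host):
        # An IP in the URL must match an iPAddress SAN; dNSName and CN are ignored.
        addr = ipaddress.ip_address(host)
        if any(ipaddress.ip_address(i) == addr for i in san_ip):
            return True, "iPAddress SAN"
        return False, "no matching iPAddress SAN"
    if san_dns:
        # When dNSName entries exist they are the identity; CN is not consulted.
        if any(dns_match(p, host) for p in san_dns):
            return True, "dNSName SAN"
        return False, "no matching dNSName SAN"
    if common_name and dns_match(common_name, host):
        return True, "CN fallback"
    return False, "no SAN and CN mismatch"

if __name__ == "__main__":
    # Constructed certificate fields: a wildcard for the question's domain, no IP SAN.
    cert = dict(san_dns=["*.myblah.com"], common_name="*.myblah.com")
    for name in ("blah.myblah.com", "myblah.com", "a.blah.myblah.com", "192.0.2.10"):
        print(name, verify_host(name, **cert))
```

To compare against a real certificate, read its SAN and subject fields with `openssl x509 -in cert.cer -noout -text` and pass them to `verify_host`.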
