0

I’m currently using an SSL certificate on a MAMP server that I made myself via OpenSSL. I’m running the MAMP server on an Apple Mac that’s running Monterey 12.4. I have no problems running the website that I’ve created via the MAMP server with the SSL certificate I created on any web browser except Mozilla Firefox. I’ve tested every other browser and my website runs without any issues whatsoever.

On Mozilla Firefox, I’m getting an error message that indicates a security risk, and at the bottom of the error message reads “SSL_ERROR_BAD_CERT_DOMAIN”. When I type www. In front of the website URL, for whatever reason, the site runs without any issues on Mozilla Firefox.

Could this issue on Mozilla Firefox be resolved if I created a 2 way SSL certificate that included my website's name with www. in it? If so, how could I go about creating a 2 way SSL certificate? If anyone knows how to solve this issue, I’d greatly appreciate you sharing your knowledge with me.

Listed below is the method I took to create an SSL certificate via OpenSSL. If any step in this is incorrect or a further step needs to be added, I’d much appreciate sharing the correct steps with me.

  • openssl genrsa -des3 -out local-ca.key 2048

  • openssl req -x509 -new -nodes -key local-ca.key -sha256 -days 365 -out local-ca.pem

Country Name (2 letter code) []: State or Province Name (full name) []: Locality Name (eg, city) []: Organization Name (eg, company) []: Organizational Unit Name (eg, section) []: Common Name (eg, fully qualified host name) []: www.mywebsite.com Email Address []:

  • openssl genrsa -out server.key 2048

  • openssl req -new -key server.key -out server.csr

Country Name (2 letter code) []: State or Province Name (full name) []: Locality Name (eg, city) []: Organization Name (eg, company) []: Organizational Unit Name (eg, section) []: Common Name (eg, fully qualified host name) []: www.mywebsite.com Email Address []:

  • openssl x509 -req -in server.csr -CA local-ca.pem -CAkey local-ca.key -CAcreateserial -out server.crt -days 365 -sha256 -extfile v3.ext

The contents of the vs.ext file:

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = www.mywebsite.com
Richard
  • 1
  • Yes, you should have both domain names in your certificate. Check out [How to add subject alernative name to ssl certs?](https://stackoverflow.com/questions/8744607/how-to-add-subject-alernative-name-to-ssl-certs) to learn how to alternate names. – not2savvy Sep 26 '22 at 08:00

0 Answers0