To those of you familiar with the RFC 4366 TLS "Server Name Indication" (SNI) extension, which allows multiple SSL certificates on the same IP address, here’s the scenario:
- URL: http://puny.it/serverfault02 (Redirects to the actual HTTPS URL.)
- As allowed by SNI, the server has multiple certificates at the same IP address.
- This site’s certificate is not the default non-SNI/IP-specific certificate
- Browser: Firefox/3.6.10 (fresh install)
- Client OS: Windows XP
This version of Firefox is known to work with SNI under Windows XP. (list of conformant browsers)
It works with many configurations but in this instance the browser reports:
This Connection is Untrusted
You have asked Firefox to connect securely to example.com, but we can't confirm that your connection is secure.
Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.
What Should I Do?
If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.
Any suggestions on how to fix this and/or where is the specific incompatibility?
Firefox 3.6.9, Opera 10.62 and Chromium 6.0.472.53 work without problems at my machine. To me it looks like a broken configuration in firefox or bug in this specific version.
Have you tried visiting the site after clearing your profile (preferably in safe-mode)?