I assigned a self-signed wildcard certificate to an OpenWRT (LEDE) router LUCI (uHTTPd) system. The CA which signed this certificate got added to all browsers as a trusted certificate authority.
It works fine on Internet Explorer, Edge and Chrome, but not on Firefox 58.0.2, which throws the error SSL_ERROR_BAD_CERT_DOMAIN, even when it states on the same error page that the certificate is issued for this domain.
If I issue the certificate directly for the host (no wildcard) then it works fine in FF as well.
What could cause this issue?
Your certificate has the following "Subject Alternative Names" (SAN):
Firefox does not like entry 2, as it considers mainserver a TLD and aborts there; the following entries are not checked, so yourfw1.mgmt.ctb.co.at never matches entry 3.
I solved a similar problem in our domain by re-ordering the SANs and putting all FQDNs first; you should move your entry 2 to the end.
Firefox issues of interest
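A check for the SAN ordering described in the answer above, as an added example that is not part of the original post: it reads a SAN line in the format printed by `openssl x509 -noout -text`, flags single-label DNS names that come before dotted names, and emits a reordered `subjectAltName` line for an OpenSSL config. Every name in the sample except `mainserver` is constructed, and the function names are hypothetical.

```python
# Constructed sample of the SAN line from `openssl x509 -noout -text`.
# Only "mainserver" comes from the page; the other entries are assumptions.
SAMPLE_SAN_LINE = ("DNS:*.example.test, DNS:mainserver, "
                   "DNS:fw1.example.test, IP Address:192.0.2.1")

def parse_san(line):
    """Split an openssl-style SAN line into (kind, value) tuples, order kept."""
    entries = []
    for item in line.split(","):
        # Split on the first colon only, so IPv6 values stay intact.
        kind, _, value = item.strip().partition(":")
        if kind and value:
            entries.append((kind.strip(), value.strip()))
    return entries

def is_single_label(kind, value):
    """True for a DNS entry without a dot, such as a bare host name."""
    return kind == "DNS" and "." not in value.rstrip(".")

def find_blocking_entries(entries):
    """Single-label DNS names that appear before at least one dotted DNS name."""
    last_dotted = max((i for i, (k, v) in enumerate(entries)
                       if k == "DNS" and not is_single_label(k, v)), default=-1)
    return [v for i, (k, v) in enumerate(entries)
            if is_single_label(k, v) and i < last_dotted]

def reorder(entries):
    """Stable reorder: everything else first, single-label DNS names last."""
    return sorted(entries, key=lambda e: is_single_label(*e))

def to_openssl_conf(entries):
    """Render entries as a subjectAltName line for an OpenSSL extension file."""
    kind_map = {"IP Address": "IP"}  # text output says "IP Address", config uses "IP"
    return "subjectAltName = " + ", ".join(
        f"{kind_map.get(k, k)}:{v}" for k, v in entries)

if __name__ == "__main__":
    sans = parse_san(SAMPLE_SAN_LINE)
    print("single-label names ahead of FQDNs:", find_blocking_entries(sans))
    print(to_openssl_conf(reorder(sans)))
```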