SAN: domain name mismatch (Android 2 / Windows XP)

I am using a SAN certificate to provide support for Android 2 and Windows XP. I was already using a Comodo certificate and it was working nicely. I tried to switch to LE but now I am getting an error about an incorrect domain name (screenshot - https://db.tt/T8OseNpg)

Server config is the same (I used certonly and installed the certificate manually) and when I decode the old (Comodo) and new (LE) certificates, I can't see any difference (except for signature etc.).

Browser is getting correct certificate, but it is ignoring alternative domains.

Any ideas what I am doing wrong? Live example: https://www.jadi.cz (only without SNI - modern browsers are getting a different certificate)

Could you show a shot of your browser showing the correct cert, including the SAN?
Because you say that the browser is getting the correct one…
I don't have such old stuff to test it myself.



hmm… now the question is: does IE8 on XP even recognize SAN?

WinXP is quite some old stuff and, similar to Android 2, it's going down, slowly, but for sure.
According to the Android stats there's like 4% of Android devices active with <4.0.

Well, WinXP pre-SP3 doesn't support SHA256-based SSL certificates, nor does Android <2.3.

So could it be the old Comodo certificate was issued with SHA1?

For WinXP try using the latest Firefox browser and double check.

Well yeah, even on WinXP at least Firefox should do SHA256 certs and even SNI, because it doesn't rely on any system components for that matter…


Well, can a server actually serve different certs based on the operating system/browser of the user? At least I see with FF42 on W8.1 a SHA256 cert.

I believe Cloudflare does that? BoringSSL supports equal-preference SSL ciphers/SSL certs, but not many web servers use BoringSSL as opposed to OpenSSL or LibreSSL.

The Wikimedia Foundation has patched Nginx for multiple SSL certificate support, see Multiple certificate support revisited. So I'm hoping Nginx would merge such patches eventually :)

We've forward-ported Filipe's Apr 27 variant onto Debian's 1.9.3-1
package. Most of the porting was trivial (offsets / whitespace /
etc). There were a couple of slightly more substantial issues around
the newer OCSP Stapling valid-timestamp checking, and the porting of
the general multi-cert work to the newer stream modules. The
ported/updated variant of the patches we're running is available here
in our repo:

https://github.com/wikimedia/operations-software-nginx/blob/wmf-1.9.3-1/debian/patches/

Our configuration uses a pair of otherwise-identical RSA and ECDSA
keys and an external OCSP ssl_stapling_file (certs are from
GlobalSign, chain/OCSP info is identical in the pair). Our typical
relevant config fragment in the server section looks like this:


ssl_certificate /etc/ssl/localcerts/ecc-uni.wikimedia.org.chained.crt;
ssl_certificate_key /etc/ssl/private/ecc-uni.wikimedia.org.key;
ssl_certificate /etc/ssl/localcerts/uni.wikimedia.org.chained.crt;
ssl_certificate_key /etc/ssl/private/uni.wikimedia.org.key;
ssl_stapling on;
ssl_stapling_file /var/cache/ocsp/unified.ocsp;

I am testing on Windows XP SP3 with IE8. It does support SHA256 and SAN.

I doubt that SHA is the problem here - the error message would be different. It doesn't have a problem with the signature but only with domain identification.

SAN (on Cloudflare)

SHA256 - Comodo without SAN but on same host (different IP) as my LE SAN certificate

SSL Labs reports for https://www.jadi.cz/ 2 IPs on Amazon EC2; 1 IP covers the non-www and www versions but the other IP only covers the www version of the domain without non-www coverage.

SSL Labs is always testing the SNI certificate.
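The coverage question raised above (which names a SAN certificate actually covers, and why a non-www host can fail on one IP) comes down to the client parsing the SubjectAltName extension and matching the requested hostname against its dNSName entries. The following is an added example, not code from the thread: a minimal DER reader for the SAN value plus RFC 6125 style hostname matching, with a constructed sample SAN modelled on the live example (www.jadi.cz is from the thread; m.jadi.cz is an assumed second entry).

```python
# Added example: decode a SubjectAltName extension value (RFC 5280 GeneralNames)
# and check whether a hostname is covered, the way a SAN-aware client does.

def _der_len(n):
    """DER length: short form below 128, otherwise minimal long form."""
    if n < 128:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _tlv_build(tag, value):
    return bytes([tag]) + _der_len(len(value)) + value

def _tlv_read(buf, pos):
    """Read one DER TLV at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the next (length & 0x7f) bytes hold the length
        n = length & 0x7f
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def encode_san(dns_names):
    """Build a GeneralNames SEQUENCE of [2] dNSName entries (used for the sample)."""
    return _tlv_build(0x30, b"".join(_tlv_build(0x82, n.encode("ascii")) for n in dns_names))

def san_dns_names(der):
    """Return the lowercase dNSName entries of a SubjectAltName extension value."""
    tag, body, _ = _tlv_read(der, 0)
    if tag != 0x30:
        raise ValueError("SubjectAltName value must be a SEQUENCE")
    names, pos = [], 0
    while pos < len(body):
        tag, value, pos = _tlv_read(body, pos)
        if tag == 0x82:  # context tag [2] = dNSName (IA5String); other GeneralName types skipped
            names.append(value.decode("ascii").lower())
    return names

def name_matches(host, pattern):
    """Exact match, or '*' as the whole leftmost label matching exactly one label."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if pattern == host:
        return True
    if pattern.startswith("*."):
        h_labels, p_labels = host.split("."), pattern.split(".")
        return len(h_labels) == len(p_labels) and h_labels[1:] == p_labels[1:]
    return False

def host_covered(host, san_der):
    """True if any dNSName in the SAN covers host; the CN is ignored once a SAN exists."""
    return any(name_matches(host, n) for n in san_dns_names(san_der))

# Constructed sample: www and m hosts are listed, the bare domain is not.
SAMPLE_SAN = encode_san(["www.jadi.cz", "m.jadi.cz"])
```

Running `host_covered("jadi.cz", SAMPLE_SAN)` returns False while the www and m hosts return True, which is exactly the "www only, no non-www coverage" result SSL Labs reported for one of the two IPs.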

Hi, souki,
how did you build so many DNS names?
I tried a lot of ways, not possible.

I just passed them all as arguments to letsencrypt. But there is probably some problem with the created CSR and I will try to generate the CSR manually.

Can you give an example? I tried many times, it will not work.
For example: example.com and example.org, these two domain names, with a CSR, in one cert.

You can pass multiple domains to the client with -d domain1 -d domain2, etc.
Full example with webroot:

letsencrypt-auto certonly -a webroot --webroot-path /var/www/html -d example.com -d example.org

I copied your certificate to My Computer (WinXP SP3).
Then it displays something like this:

The meaning is: "Name of the certificate is invalid, this name is not included in the Allow list or directly excluded."
However, there is no problem on a Win7 system.


This may be something the operating system does not support.

Windows XP SP3 definitely supports SAN certificates (see screenshots above). But for some reason it has a problem with the SAN certificate from LE.

I fully agree with this.

Feels like a problem with the interpretation of Name Constraints in Windows XP…
Just found a blog post about it… https://unmitigatedrisk.com/?p=201
So… I am not sure if we need to reissue a new Root Cert if we need to support XP…


Windows XP is slowly dying, but the problem also affects Android 2, which still has significant market share (bigger in markets like China or India).