Wildcard SSL - rogue subdomain

dereko · March 7, 2007, 3:52pm

I’ve followed the steps to create a wildcard SSL Certificate.

I have
Linux Debian Sarge
Apache2
ModSSL installed

I also know that SSL is set up correctly because a different ssl certificate is working on that server for a different website.

https://1timetracking.com works…

ssl for *.1time.net
Here comes the strange part.
https://demo.1time.net appears to work
https://anything.1time.net works…

but for no apparent reason one subdomain of thousands doesn’t

https://jeebers.1time.net in firefox returns:

jeebers.1time.net has sent an incorrect or unexpected message. Error Code: -12263

there is only one apache virtual host for all subdomains so this one is really baffling me. Also all other subdomains of 1time.net are working fine as far as i can tell.

Any thoughts on this?

garry · March 8, 2007, 2:13pm

Hi,

It sounds like something in the configuration for jeebers.1time.net

Do a google search for Error Code: 12263

The first result gave me:
This generally indicates that the remote peer system has a flawed implementation of SSL, and is violating the SSL specification.

Garry

PKI_User · April 9, 2007, 5:50am

FireFox’s SSL error codes are documented on this web page:
http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslerr.html

Error code -12263 is documented at
http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslerr.html#1040406

This error is caused by the server software, not the certificate. One common cause is a server that only speaks SSL2, or that tries to send an SSL2 error message to FireFox. FireFox 2.0.0.0 and later no longer support SSL2 (by default), and require the server to speak SSL 3.0 or 3.1 (a.k.a. TLS).