Webmasters Asked on November 3, 2021
I setup cloudflare today. It only asked me to add its nameservers to my domain. After doing that I’m able to access my site at my domain name but it’s now cloudflare’s IP. This is all good and as expected. But, I expected https to show "insecure" because the the cdn certificate is for cloudflare domain like my-app.cloudflare.com. The name in the url is my domain not cloudflare. Somehow its showing green padlock. I don’t understand how
As you can see in the image, the url name is different from the cert CN:
As NuTTyX as said your name is in the SAN section.
You can see it quickly that way:
$ openssl s_client -connect copyurls.ml:443 -servername copyurls.ml -showcerts </dev/null |& grep -A100 'BEGIN CERTIFICATE' | grep -B100 'END CERTIFICATE' | openssl x509 -text -noout |& grep -A1 'X509v3 Subject Alternative Name'
X509v3 Subject Alternative Name:
DNS:sni.cloudflaressl.com, DNS:copyurls.ml, DNS:*.copyurls.ml
Or on the web, go to https://www.ssllabs.com/ssltest/analyze.html?d=copyurls.ml&latest and in the report you can read:
Common names sni.cloudflaressl.com
Alternative names sni.cloudflaressl.com copyurls.ml *.copyurls.ml
Nowadays, and rightly so, browsers do not take into account what is in the CN part (at best it is a fallback), it is the SAN part that is relevant, which unfortunately is not shown by default in first page of browsers certificate viewing.
Answered by Patrick Mevzek on November 3, 2021
Certificates can be issued for "Subject Alternative Names" (that is, more names that certificate is valid for) which covers your hostname (I've just checked that it covers both your domain and any subdomain). Also, consider that when you censor your browser's navigation bar, the title of the tab still shows the domain name and should be censored as well.
Answered by NuTTyX on November 3, 2021
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP