Question regarding TLS/SSL server certificates

mutluit · October 31, 2023, 1:54pm

Hi,
I hope this thread about TLS/SSL server certificates is not off-topic here b/c I saw other previous such threads here.

I’m not an expert in such PKI certifcates, but I know it’s to certify that the domain name (or IP) is valid/verified by the certificate issuer.
But today I saw an IMO very funny looking certificate:
it’s issued to .*abholstation.de, BUT it gets used by the domain [www.]dacos.de !
And the browser says certificate is OK. How is that possible?
Isn’t that bogus security?

eworm · October 31, 2023, 2:03pm

Have a look at the certificate details! It should have the domain mentioned in “subject alternative names”.

mutluit · October 31, 2023, 2:09pm

You are right! My browser (Opera) does not show the alternate names, but the FireFox browser does.
Indeed, there are many alt names listed.
So, then everything is ok.
Sorry for the confusion.