SSL_ERROR_BAD_CERT_DOMAIN错误，requested domain name does not match the server‘s certificate._requested domain name does not match the server's -优快云博客

本文链接：https://blog.youkuaiyun.com/zzhongcy/article/details/143935556

这篇文章资料来自于网络，对部分知识整理，这里只是记录一下，仅供参考。

0、一般错误代码

问题代码	问题描述	解决方法
NET::ERR_CERT_DATE_INVALID	网站的ssl证书有效期过期导致的	重新申请新的SSL证书
NET::ERR_CERT_COMMON_NAME_INVALID	访问的域名和证书绑定的域名不一致导致	请检查访问的域名或者证书绑定的域名是否相同
NET::ERR_CERT_AUTHORITY_INVALID	使用了自签证书或者已经被吊销的根证书导致	请在合法的CA申请SSL证书
NET::ERR_CERT_REVOKED	证书文件已经被吊销导致	请重新申请SSL证书
NET::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN	服务器提供的证书与内置预期证书不匹配	网站可能遭到劫持伪造了证书，请立即停止访问该网站
NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM	网站使用已经过期的SHA1算法的中间证书	请联系CA更换最新算法的证书
SEC_ERROR_EXPIRED_CERTIFICATE	网站的SSL证书有效期过期导致的	申请新的SSL证书
SSL_ERROR_BAD_CERT_DOMAIN	使用了自签证书或者已经被吊销的根证书导致，请在合法的CA申请SSL证书	请检查访问的域名或者证书绑定的域名是否相同
SEC_ERROR_UNKNOWN_ISSUER	使用了自签证书或者已经被吊销的根证书导致，请在合法的CA申请SSL证书	请在合法的CA申请SSL证书
SEC_ERROR_REVOKED_CERTIFICATE	证书文件已经被吊销导致	请重新申请SSL证书
MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE	服务器提供的证书与内置预期证书不匹配	网站可能遭到劫持伪造了证书，请立即停止访问该网站
SSL_ERROR_NO_CYPHER_OVERLAP	网站使用了不受支持的协议配置证书的加密套件和加密算法不浏览器支持	可以参考这个修复指南

1、SSL_ERROR_BAD_CERT_DOMAIN报错

curl -iv https://ha.test.com/check 报错：

curl -iv https://ha.test.com/check
* About to connect() to ha.test.com port 443 (#0)
*   Trying 11.11.11.198...
* Connected to ha.test.com (11.11.11.198) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* Server certificate:
*       subject: CN=ha-test.com,O=haha Corporation,ST=haha,C=CN
*       start date: Apr 21 00:00:00 2024 GMT
*       expire date: May 21 20:59:59 2025 GMT
*       common name: ha-test.com
*       issuer: CN=Secure Server CA,O=HA Limited,L=HA,ST=HA Manchester,C=GB
* NSS error -12276 (SSL_ERROR_BAD_CERT_DOMAIN)
* Unable to communicate securely with peer: requested domain name does not match the server's certificate.
* Closing connection 0
curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.

2、原因

The SSL_ERROR_BAD_CERT_DOMAIN error occurs when a web browser or client attempts to establish a secure connection (using SSL/TLS) to a server, but the domain name in the URL does not match the domain name on the SSL certificate presented by the server. This mismatch can happen for several reasons:

Incorrect Domain Name: The SSL certificate is issued for a specific domain (e.g., example.com), but the user is trying to access a different domain (e.g., anotherexample.com).
Subdomain Issues: The certificate may be valid for a specific domain but not for its subdomains. For example, a certificate for example.com may not cover sub.example.com unless it was specifically issued for that subdomain.
Wildcard Certificate Limitations: Wildcard certificates (e.g., *.example.com) cover all first-level subdomains but do not cover second-level subdomains (e.g., sub.sub.example.com).
Self-Signed Certificates: If a self-signed certificate is used, it may not match the domain, leading to this error.

3、解决To resolve this issue:

Ensure that the URL being accessed matches the domain for which the SSL certificate was issued.
If you are the website owner, check your SSL certificate configuration and consider reissuing it if necessary.
For users, confirm that you are accessing the correct URL and not a phishing site.