Wildcard subdomains on appengine over https on firefox

When I go to https://wild.rileylark.appspot.com with Chrome, I get the nice "this is going great" icon. When I use Firefox 4, I get the "omg, you're effed" message:

wild.rileylark.appspot.com uses an invalid security certificate.

The certificate is only valid for the following names: *.appspot.com , *.*.appspot.com , appspot.com

  1. Is this normal?
  2. Anything I can do to fix this?
Riley Lark asked Apr 19 '11 20:04



3 Answers

The workaround to this limitation is now described in docs: use -dot- in place of dots between your subdomain names, e.g. https://wild-dot-rileylark.appspot.com

Peter Knego answered Oct 22 '22 05:10


So the specific condition here is that the name on the certificate is *.appspot.com, and *.*.appspot.com appears within the cert's Subject Alternate Names field.

A rejected Chrome bug covers this exact scenario. In it, the respondent indicates that this is deliberately unsupported in Chrome, points to Firefox source code suggesting the same, and asserts that both are following the IETF's recommended implementation of RFC 2818.

Drew Sears answered Oct 22 '22 03:10


Please note that in April of 2013, Google stopped issuing SSL certificates for double-wildcard domains hosted at appspot.com (i.e. *.*.appspot.com). If you rely on such URLs for HTTPS access to your application, please change any application logic to use "-dot-" instead of ".". For example, to access version "1" of application "myapp" use "https://1-dot-myapp.appspot.com" instead of "https://1.myapp.appspot.com." If you continue to use "https://1.myapp.appspot.com" the certificate will not match, which will result in an error for any User-Agent that expects the URL and certificate to match exactly.

Ref: https://cloud.google.com/appengine/docs/python/modules/

Khalid answered Oct 22 '22 05:10
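
The behaviour discussed in the answers above can be reproduced with a small matcher. This is an added example, not code from any of the posters, from Google, or from a browser. It assumes simplified strict rules (a `*` counts only as the whole left-most label and stands for exactly one label), and the function names `wildcard_matches`, `cert_covers` and `to_dot_form` are hypothetical.

```python
# Added illustration: simplified certificate-name matching, not browser source.

# Names listed in the Firefox error message quoted in the question.
SAN_NAMES = ["*.appspot.com", "*.*.appspot.com", "appspot.com"]


def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Strict matching: '*' is honoured only as the complete left-most
    label and covers exactly one label (assumed, simplified rules)."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    # A wildcard outside the left-most label (*.*.appspot.com) is never matched.
    if any("*" in label for label in p_labels[1:]):
        return False
    first = p_labels[0]
    if first == "*":
        return p_labels[1:] == h_labels[1:]
    if "*" in first:  # partial wildcards such as "f*o" treated as unsupported
        return False
    return p_labels == h_labels


def cert_covers(san_names, hostname):
    """Return the certificate names that cover hostname under the strict rules."""
    return [name for name in san_names if wildcard_matches(name, hostname)]


def to_dot_form(hostname: str, suffix: str = "appspot.com") -> str:
    """Rewrite sub.app.appspot.com as sub-dot-app.appspot.com."""
    host = hostname.lower().rstrip(".")
    tail = "." + suffix
    if not host.endswith(tail):
        return host
    prefix = host[: -len(tail)]
    return prefix.replace(".", "-dot-") + tail


if __name__ == "__main__":
    for host in ("wild.rileylark.appspot.com", "1.myapp.appspot.com"):
        fixed = to_dot_form(host)
        print(host, "->", cert_covers(SAN_NAMES, host) or "no match")
        print(fixed, "->", cert_covers(SAN_NAMES, fixed) or "no match")
```

The `-dot-` form works because it collapses the extra subdomain level into a single label, which the ordinary `*.appspot.com` entry covers.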