In what situation does Firefox raise an SSL_ERROR_BAD_CERT_DOMAIN error?
I created my own CA and certificate:
# create key for CA
openssl ecparam -genkey -name prime256v1 -outform pem -out ca_key.pem
# create CA
openssl req -new -x509 -days 365 -key ca_key.pem -out ca.pem -subj "/C=US/L=Loc/O=None/CN=Custom CA"
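# create key for the certificate (assumed: same curve as the CA key)
openssl ecparam -genkey -name prime256v1 -outform pem -out cert_key.pem
# create certificate and sign it by CA
openssl req -new -key cert_key.pem -out cert.csr -subj /C=US/O=None/CN=localhost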
openssl x509 -req -extensions usr_cert -days 365 -sha256 -CA ca.pem -CAkey ca_key.pem -CAcreateserial -in cert.csr -out cert.pem
And deployed ca.pem, cert.pem and cert_key.pem to Apache (/etc/httpd/certs in this case).
Apache was configured as follows:
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
<IfModule ssl_module>
<VirtualHost *:443>
ServerName localhost
SSLEngine on
SSLCertificateFile /etc/httpd/cert/cert.pem
SSLCACertificateFile /etc/httpd/cert/ca.pem
SSLCertificateKeyFile /etc/httpd/cert/cert_key.pem
SSLCipherSuite HIGH:!aNULL:!MD5
</VirtualHost>
</IfModule>
When I access https://localhost/ I always get SSL_ERROR_BAD_CERT_DOMAIN, even if I added ca.pem to Firefox's trusted CA list.
Other browsers are complaining, too.
The CN field in cert.pem is localhost, which is definitely the same as what I've accessed.
What do I need to do to make that certificate work?
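
Browsers match the requested host name against the certificate's subjectAltName entries rather than the subject CN, and the commands in the question put the host name only in the CN. The following is an added example, not part of the original question: it signs the same kind of CSR with and without a SAN and checks each result. It assumes an OpenSSL command-line install with its default config; the helper functions, san.ext and the temp directory are constructed for the demo.

```shell
# Added example: sign the question's CSR twice, once CN-only and once with a
# subjectAltName, then report which certificate names "localhost" in its SAN.
# The helper names, san.ext and the temp directory are constructed for this demo.

# Print the dNSName entries of a certificate's subjectAltName, one per line.
san_dns_names() {
  openssl x509 -in "$1" -noout -text |
    grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 |
    tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Succeed only if the certificate has a SAN dNSName exactly equal to the host.
has_san_for() {
  san_dns_names "$1" | grep -qxF "$2"
}

# Build a CA and two leaf certificates for CN=localhost in directory $1.
build_demo() {
  ( cd "$1" || exit 1
    openssl ecparam -genkey -name prime256v1 -out ca_key.pem
    openssl req -new -x509 -days 365 -key ca_key.pem -out ca.pem \
      -subj "/C=US/L=Loc/O=None/CN=Custom CA"
    openssl ecparam -genkey -name prime256v1 -out cert_key.pem
    openssl req -new -key cert_key.pem -out cert.csr \
      -subj "/C=US/O=None/CN=localhost"
    # CN only, as in the question
    openssl x509 -req -days 365 -sha256 -CA ca.pem -CAkey ca_key.pem \
      -CAcreateserial -in cert.csr -out cert_cn_only.pem
    # Same CSR, with the host name added as a SAN through an extension file
    printf 'subjectAltName = DNS:localhost, IP:127.0.0.1\n' > san.ext
    openssl x509 -req -days 365 -sha256 -CA ca.pem -CAkey ca_key.pem \
      -CAcreateserial -in cert.csr -out cert_san.pem -extfile san.ext
  ) >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
build_demo "$demo_dir"
for c in cert_cn_only.pem cert_san.pem; do
  if has_san_for "$demo_dir/$c" localhost; then
    echo "$c: SAN lists localhost"
  else
    echo "$c: no SAN entry for localhost"
  fi
done
```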