When does Firefox accept a certificate for a different domain?

(Bjartur Thorlacius) #1

I notice that Firefox Quantum marks the internal website authorization.acquiring.UAT.valitor.com as valid because it presented a certificate for authorization.acquiring.valitor.com, a different subdomain. What gives?

(Bjartur Thorlacius) #2

Turns out this was a certificate for both domains. The Page Info tool only showed me the other production domain part of the certificate, however, even when I was viewing UAT.