stefanw / bibbot

BibBot is a browser extension that removes the paywall on German online news sites using your library account's access to press databases.
https://stefanw.github.io/bibbot/
GNU General Public License v3.0

[Issue]: SSL_ERROR_BAD_CERT_DOMAIN on nexisuni #460

Open sleepy-nols opened 1 month ago

sleepy-nols commented 1 month ago

Expected behavior: When fetching article, bibbot automatically logs into nexisuni.

Actual behavior: Before login can happen, SSL_ERROR_BAD_CERT_DOMAIN error blocks loading of page, as HTTPS-Only Mode is enabled.

When trying to fetch an article from https://www.nexisuni.com.bonn.idm.oclc.org/ the following error occurs. I have enabled HTTPS-Only Mode in Firefox. I think this might be an issue on nexisuni's side, still leaving this here to keep track of the bug.

SSL_ERROR_BAD_CERT_DOMAIN
https://www.nexisuni.com.bonn.idm.oclc.org/

Unable to communicate securely with peer: requested domain name does not match the server’s certificate.

HTTP Strict Transport Security: false
HTTP Public Key Pinning: false

Certificate chain:

sleepy-nols commented 1 month ago

After playing around with this SSL checker a bit, I found out that the domain www.nexisuni.com.bonn.idm.oclc.org we are linking to is actually redirecting via a 302 temporary redirect to www-nexisuni-com.bonn.idm.oclc.org, which does not trigger the SSL error.

HTTP status code    302
HTTP forwarding     https://www-nexisuni-com.bonn.idm.oclc.org

As the nexisuni certificate just covers *.bonn.idm.oclc.org and bonn.idm.oclc.org, further nested domains like the above www.nexisuni.com.bonn.idm.oclc.org are not covered by it. As the dashes in www-nexisuni-com.bonn.idm.oclc.org do not create more subdomains, unlike the dot notation, the domain with dashes works.

Gonna open an MR soon, replacing the URL. :)
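
The single-label wildcard rule described in the comment above, as an added example that is not part of the thread or of BibBot's code: it checks configured proxy URLs against a certificate's SAN entries and proposes the hyphenated host for any that fall outside the wildcard. The function names are hypothetical; the SAN entries and hostnames are the ones quoted in this issue.

```javascript
// Wildcard matching as browsers apply it: "*" is honoured only as the whole
// leftmost label and stands for exactly one label, so it never spans a dot.
function sanMatches(pattern, hostname) {
  const p = pattern.toLowerCase().replace(/\.$/, "").split(".");
  const h = hostname.toLowerCase().replace(/\.$/, "").split(".");
  if (p.length !== h.length) return false; // extra labels are never covered
  return p.every((label, i) => {
    if (i === 0 && label === "*") return h[0].length > 0;
    return label === h[i];
  });
}

function certCoversHost(sans, hostname) {
  return sans.some((san) => sanMatches(san, hostname));
}

// Hypothetical helper: fold the origin part of a proxied host into one label,
// following the dotted -> hyphenated pair shown in this issue. How the proxy
// treats origin hosts that already contain hyphens is not covered here.
function hyphenateProxyHost(hostname, proxySuffix) {
  const suffix = "." + proxySuffix;
  if (!hostname.endsWith(suffix)) return hostname;
  const origin = hostname.slice(0, -suffix.length);
  return origin.replace(/\./g, "-") + suffix;
}

// Report, for each configured URL, whether the certificate covers its host
// and, if not, which single-label host would be covered instead.
function auditUrls(urls, sans, proxySuffix) {
  return urls.map((url) => {
    const host = new URL(url).hostname;
    const covered = certCoversHost(sans, host);
    const candidate = hyphenateProxyHost(host, proxySuffix);
    const suggestion =
      !covered && certCoversHost(sans, candidate) ? candidate : null;
    return { host, covered, suggestion };
  });
}

// SAN entries and URLs as quoted in this issue.
const SANS = ["*.bonn.idm.oclc.org", "bonn.idm.oclc.org"];
const URLS = [
  "https://www.nexisuni.com.bonn.idm.oclc.org/",
  "https://www-nexisuni-com.bonn.idm.oclc.org/",
];
console.log(auditUrls(URLS, SANS, "bonn.idm.oclc.org"));
```
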

sleepy-nols commented 1 month ago

Can anyone reproduce this on other sites that use nexisuni but a different bib?

sleepy-nols commented 1 month ago

Somehow I cannot trigger this error consistently.