AnsweredAssumed Answered

Certificate name mismatch for some IPs of apis.google.com

Question asked by Walter Trent on Nov 16, 2013
Latest reply on Nov 18, 2013 by Walter Trent

As far as I know, SSL Server Test supports SNI. However it does not work for apis.google.com, for example https://www.ssllabs.com/ssltest/analyze.html?d=apis.google.com&s=173.194.115.14&hideResults=on "fails" with "Certificate name mismatch" error (cached page: http://www.peeep.us/d040483e ). According to this page, the certificate is valid for *.google.com, and openssl s_client has no problem with server identification:

 

openssl s_client -connect 173.194.115.14:443 -servername apis.google.com
CONNECTED(00000004)
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.google.com
   i:/C=US/O=Google Inc/CN=Google Internet Authority G2
 1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---

 

Is there a problem with SSL Test or with Google?

Outcomes