SSL Error: Common Name MisMatch on status.twitter.com

India aashish97
Posts: 117
Joined: Sat Jul 06, 2019 10:45 am

Post by aashish97 » Fri Sep 13, 2019 11:37 am

Hello All,

Recently, I was checking out some settings on Twitter and I landed on the “About Twitter” configuration.
In this, the last option that you get is Status. I just clicked on it.

And landed on https://status.twitter.com with an SSL error: ERR_CERT_COMMONNAME_INVALID.
Oops, seems like something is broken over here.
So I went through the certificate, and on the certificate the Common Name is *.twimg.com and the SAN list is as shown below, which does not include status.twitter.com, so I am getting this error.

Last edited by aashish97 on Mon Sep 16, 2019 1:21 pm, edited 3 times in total.

Re: SSL Error: Common Name MisMatch on status.twitter.com

Post by aashish97 » Fri Sep 13, 2019 11:38 am

Over here, I was confused, so I went to check Twitter’s SSL certificate, which is as shown below. It shows the Common Name [CN] as twitter.com.

And the SAN list is as shown below.
To my surprise, there was no mention of any other subdomains of Twitter.
It only includes twitter.com & www.twitter.com.
Then I went to about.twitter.com, which has an SSL certificate with a CN of *.twitter.com.
Last edited by aashish97 on Fri Sep 13, 2019 11:40 am, edited 1 time in total.

Re: SSL Error: Common Name MisMatch on status.twitter.com

Post by aashish97 » Fri Sep 13, 2019 11:39 am

And the SAN list is: *.twitter.com, which is a wildcard and will include all sub-domains, also status.twitter.com.
It is strange that Twitter has made a minor SSL certificate related misconfiguration.
They should have put this *.twitter.com in status.twitter.com, or there is something else.
Any which way, it is a third-party web application that Twitter is using, because after I add an exception for this error, I land on
https://status.twitterstat.us, which is part of status.io.
I don’t know if it is okay or not, but this increases suspiciousness for a website.
Also, this can easily be fixed
by switching its certificate with *.twitter.com or actually changing the link to https://status.twitterstat.us.


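The name check behind ERR_CERT_COMMONNAME_INVALID, as an added example that is not part of the original posts: the client compares the requested hostname with the certificate's SAN dNSName entries, and a wildcard stands for exactly one leftmost label. The SAN lists are constructed from what the posts describe; the lone `*.twimg.com` entry is an assumed stand-in for the first certificate's SAN screenshot, and `san_matches`, `covering_names` and `CERTS` are names chosen here.

```python
# Added example: how a TLS client decides whether a certificate covers a host.
# SAN lists are constructed from the posts; "*.twimg.com" alone is an assumed
# stand-in for the first certificate's SAN list (only a screenshot in the post).

def san_matches(hostname: str, pattern: str) -> bool:
    """True if a single SAN dNSName entry covers hostname."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    # A wildcard is accepted only as the complete leftmost label.
    if any("*" in label for label in pat[1:]) or ("*" in pat[0] and pat[0] != "*"):
        return False
    if len(host) != len(pat):
        return False  # "*" stands for exactly one label, never several or none
    if pat[0] == "*":
        # Require at least two fixed labels so "*.com" can never match.
        return len(pat) >= 3 and host[1:] == pat[1:]
    return host == pat


def covering_names(hostname: str, san_list: list[str]) -> list[str]:
    """SAN entries that cover hostname. The subject CN is deliberately ignored."""
    return [entry for entry in san_list if san_matches(hostname, entry)]


CERTS = {  # hypothetical labels, SAN values as described in the thread
    "cert served at status.twitter.com": ["*.twimg.com"],
    "cert served at twitter.com": ["twitter.com", "www.twitter.com"],
    "cert served at about.twitter.com": ["*.twitter.com"],
}

if __name__ == "__main__":
    for label, sans in CERTS.items():
        hits = covering_names("status.twitter.com", sans)
        print(f"{label}: {'OK via ' + hits[0] if hits else 'name mismatch'}")
```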