Comment 14 for bug 376484

In , Bugzilla-mozilla-org-mail (bugzilla-mozilla-org-mail) wrote :

I fully agree with the former poster:

(1) Matching the dot with "*" is a violation of RFC 2818 (HTTPS), and other RFCs regarding TLS-protocols (IMAPS/LDAPS/...) are not less restrictive.

(2) Matching anything with top-level-wildcard "CN=*" is bad practice.

(3) Not showing "subjectAltName:dNSName=*" in the standard certificate view but matching it with any domain name is VERY BAD PRACTICE (although replacing "CN", "subjectAltName" is hidden in the "details", see bug #238142).

This is a security issue and should be fixed.
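
The three points above, as an added example that is not part of the original comment and is not Mozilla's code: a matcher in which "*" swallows dots, beside one that keeps "*" inside a single DNS label as RFC 2818 section 3.1 describes. The function names and host names are constructed for illustration, and the rule that a wildcard needs at least two further labels is a policy assumption, not something the comment specifies.

```python
import re

def lax_match(pattern: str, host: str) -> bool:
    """Behaviour the comment objects to: '*' is allowed to swallow dots."""
    regex = ".*".join(re.escape(p) for p in pattern.lower().split("*"))
    return re.fullmatch(regex, host.lower()) is not None

def strict_match(pattern: str, host: str) -> bool:
    """'*' matches within one DNS label only (RFC 2818, section 3.1)."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    # Policy assumption: wildcard only in the left-most label, and the
    # pattern needs two further labels, so "*" and "*.com" never match.
    if any("*" in label for label in p_labels[1:]):
        return False
    if "*" in p_labels[0] and len(p_labels) < 3:
        return False
    for p, h in zip(p_labels, h_labels):
        # Within a label, '*' may stand for a fragment but never for a dot.
        regex = "[^.]*".join(re.escape(part) for part in p.split("*"))
        if re.fullmatch(regex, h) is None:
            return False
    return True

def cert_matches(host, san_dns_names, common_name, match=strict_match):
    """dNSName entries, when present, replace CN as the identity to check."""
    names = san_dns_names if san_dns_names else [common_name]
    return any(match(name, host) for name in names)

if __name__ == "__main__":
    # Constructed certificate: harmless-looking CN, dNSName of "*".
    for matcher in (lax_match, strict_match):
        ok = cert_matches("mail.example.org", ["*"], "www.example.com", matcher)
        print(matcher.__name__, "accepts mail.example.org:", ok)
```
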