What Is an SSL Common Name Mismatch Error?
In the event there is a common name mismatch error when you land on your website, then the common name or SAN on your SSL Certificate does not match the domain or address bar in the browser.
The message that appears will depend on the browser being used.
Google Chrome error
‘This server could not prove that it is domain.com; its security certificate is from otherdomain.com. This may cause a misconfiguration or an attacker intercepting your connection’
Firefox Error
‘Domain.com uses an invalid security certificate.’
‘The Certificate is only valid for otherdomain.com’
Safari Error
‘Safari can’t verify the identity of the website domain.com’
‘The certificate for this website is invalid. You might be connecting to a website that is pretending to be domain.com which could put your confidential information at risk. Would you like to connect to the website anyway?’
Microsoft Edge & Internet Explorer Error
‘The security certificate presented by this website was issues for a different website’s address. Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.’
IMPORTANT: If you come across this error and you are not the website owner, you will need to get into contact with the owner to fix the error. Do not continue into the website anyway, the website could be fraudulent and allow hackers or other malicious third-parties to gain access to your data.
How do I solve a domain name mismatch error?
The installed SSL Certificate does not secure the correct Domain Names
The first step is to check the SSL Certificate that is currently installed on the domain of your website to see if it matches.
We provide a tool that can be used to do so: tools.trustico.com/ssl/website-scanner/certificate-url/extract-ssl-certificate-via-url
- Simply enter your domain name into the form that asks for the ‘Fully Qualified Domain Name (FQDN)’.
- Click ‘Decode My Information
- Check the “Subject Alternate Names (SANs)” box once the information has been decoded. This area shows all the domains secured by the SSL Certificate that is installed on the domain you are checking.
If none of the SANs match the domain you have searched for, then the SSL Certificate you have installed does not secure your domain and is the reason for your Domain Name Mismatch error.
To solve this, you will need to purchase and install an SSL Certificate that secures the correct, specified domain name.
The website does not actually use SSL but it shares an IP address with a website that does
If your website shares an IP address with other sites, then this may or may not cause a Domain Mismatch error and solutions can vary.
Your website may be hosted on a shared server. A hosting company may require a dedicated IP address to support SSL Certificates. This is because if one customer has an SSL installed for a shared IP then it can cause interference with other websites/SSL Certificates that share that IP address.
If this is the case, you will need to contact your web-hosting provider.
Another reason could be that the client, hosting server, or both do not support Server Name Indication (SNI). This is a legacy issue that would only affect older servers, so it is not too common.
For example, if you have Trustico.com (default site) and Trustico.org hosted on the same IP with SSL Certificates configured but SNI is not supported, only the default SSL Certificate will be shown.
If the server and client support SNI then the correct SSL Certificate will always be used. If your server does not support SNI you will have to upgrade your software to support SNI or get a dedicated IP.
The website doesn’t exist anymore, but the domain name still points to the old IP address where another website is hosted
You will need to update your DNS settings to make sure they are pointing to the new IP address.
Your hosting provider has pre-configured settings that do not allow for third-party SSL Certificates
Some hosting providers do not allow for the installation of third-party SSL Certificates. If this is the case, you may receive a mismatch error.
When you check the SSL on your website using our tool, you will usually see the hosting company’s name as the domain name if this is your problem.
If this is the issue, we recommend contacting your hosting provider to see if they will allow you to use the third-party SSL Certificate.
Mitchell has a Bachelor of Arts with Majors in Journalism and Foreign Relations; and a Diploma of Digital Design.