SSL common name mismatch error explained

What Is an SSL Common Name Mismatch Error?

In the event there is a common name mismatch error when you land on your website, then the common name or SAN on your SSL Certificate does not match the domain or address bar in the browser.

The message that appears will depend on the browser being used.

Google Chrome error

Chrome, connection not private
Chrome – connection not private

‘This server could not prove that it is domain.com; its security certificate is from otherdomain.com. This may cause a misconfiguration or an attacker intercepting your connection’

Firefox Error

Firefox certificate name mismatch
SSL Certificate name mismatch – Firefox

‘Domain.com uses an invalid security certificate.’
‘The Certificate is only valid for otherdomain.com

Safari Error

Safari certificate name mismatch
SSL Certificate name mismatch – Safari

‘Safari can’t verify the identity of the website domain.com
‘The certificate for this website is invalid. You might be connecting to a website that is pretending to be domain.com which could put your confidential information at risk. Would you like to connect to the website anyway?’

Microsoft Edge & Internet Explorer Error

Internet Explorer certificate name mismatch
SSL Certificate name mismatch – Internet Explorer & Edge

 ‘The security certificate presented by this website was issues for a different website’s address. Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.’

IMPORTANT: If you come across this error and you are not the website owner, you will need to get into contact with the owner to fix the error. Do not continue into the website anyway, the website could be fraudulent and allow hackers or other malicious third-parties to gain access to your data.

How do I solve a domain name mismatch error?

The installed SSL Certificate does not secure the correct Domain Names

The first step is to check the SSL Certificate that is currently installed on the domain of your website to see if it matches.

We provide a tool that can be used to do so: tools.trustico.com/ssl/website-scanner/certificate-url/extract-ssl-certificate-via-url

SSL Certificate website checker
  • Check the “Subject Alternate Names (SANs)” box once the information has been decoded. This area shows all the domains secured by the SSL Certificate that is installed on the domain you are checking.
SANs

If none of the SANs match the domain you have searched for, then the SSL Certificate you have installed does not secure your domain and is the reason for your Domain Name Mismatch error.

To solve this, you will need to purchase and install an SSL Certificate that secures the correct, specified domain name.  

The website does not actually use SSL but it shares an IP address with a website that does

If your website shares an IP address with other sites, then this may or may not cause a Domain Mismatch error and solutions can vary.

Your website may be hosted on a shared server. A hosting company may require a dedicated IP address to support SSL Certificates. This is because if one customer has an SSL installed for a shared IP then it can cause interference with other websites/SSL Certificates that share that IP address.

If this is the case, you will need to contact your web-hosting provider.

Another reason could be that the client, hosting server, or both do not support Server Name Indication (SNI). This is a legacy issue that would only affect older servers, so it is not too common.

For example, if you have Trustico.com (default site) and Trustico.org hosted on the same IP with SSL Certificates configured but SNI is not supported, only the default SSL Certificate will be shown.

If the server and client support SNI then the correct SSL Certificate will always be used. If your server does not support SNI you will have to upgrade your software to support SNI or get a dedicated IP.

The website doesn’t exist anymore, but the domain name still points to the old IP address where another website is hosted

You will need to update your DNS settings to make sure they are pointing to the new IP address.

Your hosting provider has pre-configured settings that do not allow for third-party SSL Certificates

Some hosting providers do not allow for the installation of third-party SSL Certificates. If this is the case, you may receive a mismatch error.

When you check the SSL on your website using our tool, you will usually see the hosting company’s name as the domain name if this is your problem.

If this is the issue, we recommend contacting your hosting provider to see if they will allow you to use the third-party SSL Certificate.

How Useful Was This Post?

Let Us Know How We Are Doing - Click A Star To Rate This Post

Average Vote Rating / 5. Vote Count :

No Votes So Far! Be The First To Rate This Post