Knowledge Base

Security Certificate Errors

The following warnings are presented when you access a website that has a security certificate installed that was issued to a domain other than the one you accessed:

Microsoft Edge
Message:

• Title: “This site isn’t secure”
• Details: “The hostname in the website’s security certificate differs from the website you are trying to visit”
• Error code: DLG_FLAGS_SEC_CERT_CN_INVALID
   

Firefox
Message:

• Title: “Warning: Potential Security Risk Ahead”
• Details: “Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that’s not valid for [site URL]. The certificate is only valid for [certificate domain].”
• Error code: SSL_ERROR_BAD_CERT_DOMAIN
   

Chrome
Message:

• Title: “Your connection is not private”
• Details: “Attackers might be trying to steal your information from [website] (for example, passwords, messages, or credit cards.)
• Error code: NET::ERR_CERT_COMMON_NAME_INVALID

This happens when the common name to which an SSL Certificate is issued (e.g., www.example.com) doesn't exactly match the name displayed in the URL bar. Any difference will cause the web browser to halt and display a name mismatch error. This error can happen even if the correct certificate is installed properly. For example, you connect to the website via the IP address or an internal name, but the certificate was issued to the fully-qualified domain name (or vice versa).

It is also possible that a self-signed certificate could be installed instead of a server-specific security certificate issued by a Certificate Authority (like DigiCert), or that the domain name was misspelled in the request.

If your website is secured by a certificate with the name www.example.com you will receive this error if you connect using any of the following names:

• example.com
• example.local
• 208.77.188.166
• 10.1.1.7

Even though all of the above addresses would get you to a site with a valid certificate, you could still get a name error if you are connecting to a name other than the one that the certificate was issued to.

DigiCert's Multi-Domain (SAN) Certificates were designed to resolve this problem by allowing one certificate to be issued to multiple names (i.e., fully-qualified domain names or IP addresses).

To check your certificate for a name error, we recommend that you use our SSL Certificate Checker. Enter your domain in the server address box; if the certificate name doesn't match, you will get an error message stating "Certificate does not match name example.com".