Common Name Mismatch occurs when the common name or SAN listed on an SSL certificate doesn't exactly match the name displayed in the URL bar. Any difference will cause the web browser to halt and display a name mismatch error. In order for an encrypted connection to commence, the name on SSL certificate has to match the name in the URL.
This is why it’s important to get all the information correct during the ordering process and have your server set-up and configured properly. If you aren’t sure about how to add a SAN or include your base domain in the ordering process, submit ticket to contact our SSL team to assist you.
Common Name Mismatch Errors Across Different Browsers
Different browsers will show different error messages when there is a name mismatch issue:
Your connection is not private. Attackers might be trying to steal your information from wrong.host.badssl.com (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID
Your connection is not secure. The owner of wrong.host.badssl.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.
This Connection Is Not Private: This website may be impersonating “wrong.host.badssl.com” to steal your personal or financial information. You should close this page.
Causes for Common Name Mismatch
Common Name Mismatch error can appear due to a number of reasons. We have described the most widespread of them below:
- The website was accessed via an IP address or an internal host name, but the certificate was issued for a FQDN (Fully Qualified Domain Name). Even if you have a dedicated IP address, the common name mismatch will be shown because the https request via an IP address does not contain the server name (domain/subdomain name) itself. Due to this reason, there is no way to avoid the warning trying to access the site via an IP address, as a regular certificate is issued for a domain/subdomain name.
- The certificate was issued to example.com, but the website was reached via www.example.com. WWW is technically a sub-domain. Most certificates secure both WWW and non-WWW variations, so this is typically not the cause.
- The Certificate is installed, but the domain is pointed to a shared IP address. Usually a dedicated IP is required in order to install the SSL certificate. If there is already a certificate installed within the same IP address, the browser will establish a connection to the original certificate installed within the IP address. This isn’t a problem if you have SNI (Server Name indication) that allows to host several certificates on the same IP address. Additionally, a Multi-Domain SSL certificate can also prevent this issue.
- The error can appear also with a wildcard certificate (different levels of subdomains), if you are trying to access a subdomain of the third or a higher level, while a wildcard certificate is valid for the main domain and subdomains of the second level. For example, if a wildcard certificate was issued for *.ssl-certificate.com, it is valid for ssl-certificate.com and all the subdomains of the second level (sub1.ssl-certificate.com, sub2.ssl-certificate.com, sub3.ssl-certificate.com, etc), but it does not cover subdomains of the third or higher levels (sub2.sub1.ssl-certificate.com or sub3.sub2.sub1.example.com).
Resolving Name Mismatch Problem
Resolving this error depends on the reason its occurring in the first place. Thus, solutions to this problem can vary greatly but will almost always involve adjusting the configuration of your website. If you’ve identified the issue, but are struggling to troubleshoot, you may submit ticket to contact our support team to assist further.