DZone
Security Zone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
  • Refcardz
  • Trend Reports
  • Webinars
  • Zones
  • |
    • Agile
    • AI
    • Big Data
    • Cloud
    • Database
    • DevOps
    • Integration
    • IoT
    • Java
    • Microservices
    • Open Source
    • Performance
    • Security
    • Web Dev
DZone > Security Zone > How to Fix SSL Common Name Mismatch Error

How to Fix SSL Common Name Mismatch Error

A self-proclaimed security geek examines this type of internet security vulnerability, and some easy steps you can take to avoid it.

Ashraf Ali user avatar by
Ashraf Ali
·
Jun. 20, 17 · Security Zone · Tutorial
Like (2)
Save
Tweet
40.82K Views

Join the DZone community and get the full member experience.

Join For Free

What Is an SSL Common Name Mismatch Error?

An SSL common name mismatch error occurs when there is a mismatch between the domain name and the Subject Alternative Name (SAN) or common name of the SSL certificate. SAN allows you to list multiple domain names and subdomain names in a single certificate. This mismatch error occurs when the SSL certificate does not have the name entered in the browser address bar.

You may have observed this error if you had accidentally typed https://uwxyz.com instead of https://www.uwxyz.com/ - for example. However, if you had typed in the name of a website that had a multi-domain SSL that has multiple domains listed, then it would have opened even if it was https://website.com or https://www.website.com. However, if the website did not have SSL and it had been trying to display as "https," then again, the browser would throw an error. Typical errors may display messages as listed below – depending on the browser and browser version.

"Your connection is not private"

Attackers might be trying to steal your information from <www.websitename.com> (for example, passwords, messages, or credit cards).

Common error messages inclucde: 

  • NET::ERR_CERT_COMMON_NAME_INVALID

  • "The security certificate presented by this website was issued for a different website’s address. Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server."

  • "This server could not prove that it is websitename.com; its security certificate is from websitename.com. This may cause a misconfiguration or an attacker intercepting your connection"

Tips for Fixing a Common Name Mismatch Error

Identify the type of SSL certificate installed for your website on the server. Then you must analyze why someone intending to visit some other domain got routed to your website. You must study the details of your SSL certificate and analyze the other domain names listed as a SAN. Analyze the common name, SAN details, IPs, and domains.

Reputed Certificate Authorities will offer SAN options that would effectively protect your domain. An SSL certificate would protect your common name. Warning messages are displayed when a typed-in web address does not match your common name because you had not included that website address in your common name.

You may get an error if your website shares an IP address with another website that has an SSL certificate. IP address sharing or shared hosting could lead to warnings. To be absolutely secure, in order to stay protected from spoofing websites, it is better to have a dedicated IP address - and some hosting companies have made it mandatory for a dedicated IP address if your website needs to have SSL.

A warning error may pop-up if Server Name Indication (SNI) is not being supported by either the hosting server or the connecting client or both. This issue is typically encountered in legacy systems. Ensure that your server supports SNI.

In case you have closed down one of your websites you must ensure that the DNS for that domain name points to your new website. Pointing to the old website can lead to an error. Also, avoid using the certificate of the hosting provider as it could lead to warnings.

Additionally, you must set up the configurations of your firewall and server correctly or else you may face issues.

Server Name Indication

Opinions expressed by DZone contributors are their own.

Popular on DZone

  • Deployment of Low-Latency Solutions in the Cloud
  • Open Source Security Risks
  • Top Soft Skills to Identify a Great Software Engineer
  • Your Old Laptop Is Your New Database Server

Comments

Security Partner Resources

X

ABOUT US

  • About DZone
  • Send feedback
  • Careers
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • MVB Program
  • Become a Contributor
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 600 Park Offices Drive
  • Suite 300
  • Durham, NC 27709
  • support@dzone.com
  • +1 (919) 678-0300

Let's be friends:

DZone.com is powered by 

AnswerHub logo