<

SSL Name Mismatch Errors and How to Fix Them

Published on
3,820 Points
620 Views
2 Endorsements
Last Modified:
Editors:
Devin Becker
I am currently working in the field of Cyber Security Assurance focusing on the NIAP scheme of Common Criteria
Have you ever received a “This page is not protected” error while trying to access a web page? Maybe even your own web page? This may mean that the site, or your site, that you are trying to access has an SSL Certificate Name Mismatch error.

Have you ever received a “This page is not protected” error while trying to access a web page? Maybe even your own web page? This may mean that the site, or your site, that you are trying to access has an SSL Certificate Name Mismatch error. In simplest of forms, this means that the name for the website on the certificate doesn’t match the name in the URL/Address Bar.

 

For example: typing in www.example.com, when the certificate for the site is for explicitly https://example.com


This is most likely a cause of not having the right common name, or not having the correct Subject Alternative Name (SAN) on the website’s certificate.


There are two main parts of the certificate that are important when dealing with this specific issue. The Subject field, and the Subject Alternative Name field, both of which are accessed in the Details of a certificate.



As the pictures show, Experts Exchange’s certificate has a Common Name of: experts-exchange.com, and two SANs: experts-exchange.com & *.experts-exchange.com.


For those unfamiliar, the asterisk (*) represents a wildcard, which means that anything can go in its place, in this case, a sub-domain. Using this wildcard we cover any cases that might cause a name mismatch error when entering www.expert-exchange.com and https://experts-exchange.com as well as other URLs.

 

Google is a great example of a company that uses wildcard sub-domains.

 


As they have sub-domains like drive.google.com, hangouts.google.com, and many more, it makes sense that they would wildcard their sub-domains. Note that they can also use wildcards on completely different domains(ie. Google.co.jp & google.co.uk). They also have their own Internet Authority, which allows them to create their own certificate.


While having a wildcard sub-domain can be a hassle-free solution to many name mismatch problems, it is more expensive to obtain a wildcard certificate.

 

According to GoDaddy’s standard Certificate pricing: a One Site certificate is $75 a year, a certificate that will protect one domain and up to 5 SANs for $169 per year, while a wildcard certificate that protects all subdomains for 1 domain is $350 per year.


Go Daddy Security Certificates


If you manage a site that is experiencing name mismatch errors:


  1. Check your certificate for your site
    1. Check the common name in the Subject field
    2. Check the Subject Alternative Names field
  2. If you find that changes need to be made you may need to:
    1. Access the account with your Certificate Provider(DigiCert, GeoTrust, GoDaddy, etc.)
    2. Access your Certificates or Orders
    3. Select the Certificate or Order for your website
    4. If available, Add, Remove, or Change Domains.
      • If this option is not available it is possible that you need to contact your certificate provider
  3. Add the necessary SANs into your certificate
    1. Depending on your provider, your certificate plan, or your current SAN entries, there may be an additional charge.
  4. Process the changes
  5. Reissue the certificate to your site.
    • Note: Most certificate providers take 30 to 60 minutes to issue the new certificate to your site.


I hope that this article may help you if you, or your site visitors, are receiving this error when accessing your site.


Devin Becker



2
Ask questions about what you read
If you have a question about something within an article, you can receive help directly from the article author. Experts Exchange article authors are available to answer questions and further the discussion.
Get 7 days free