asked on
Certificate issue or not
Hi,
I enabled port 443 on the server and have checked no other issue to the certificate. Is there help to the issue below?
NET::ERR_CERT_COMMON_NAME_INVALID
ASKER
I did validate everything fine with namecheap.com and they did mention no issue to my certificate/SSL at all.
If you're sure it's correct, then make a screenshot of your browser, with the URL bar, and the certificate opened.
ASKER
I verified SSL fine on SSLlabs (with Overall rating B) but I got the issue below, on SSL checker. Namecheap.com says no issue on SSL. Is there a problem to the certificate? Any other issue on IIS to this?
You posted another error source unknown that has a determination that the port is filtered.
Consider it this way.
You have a phone number that you are testing.
Using one vendor, they call and say the number works and is responded to.
The second tester, responds that when they call, the is dropped.
You look at the logs and see the second tester never comes through, they are blocked on the carrier level theirs or yours. once this has been shown, do not use this vendor to test. Though it may mean that anyone using the same resources might encounter a similar behavior.
You've shown 2 errors now. The first one:
NET::ERR_CERT_COMMON_NAME_INVALID
and the second one is the screenshot.
Both are different problems.
Please show a normal browser window instead now.
Certificates are precise and specific. For example, a certificate for "fqdn.com" is not valid for every subdomain in the fqdn.com domain. It is valid for one site. Not "www.fqdn.com" or "mx.fqdn.com". Only "fqdn.com."
If a certificate is to be valid for multiple sites, it must (a) specify every FQDN, or (b) be a wildcard certificate, which tends to be more expensive.
I agree with Dr. Klahn except all the certs I've examined include the "www.fqdn.com" with "fqdn.com". But that is because the 'www' is included in that cert, it's not automatic.
ASKER
Thanks to all.
Kimputer,
Can you share the details that you want to see the certificate via the browser? What are the steps for me to show you that?
ASKER
Kimputer,
Which is the option of this on the Windows server?
openssl s_client connect hostname:port
It can be tested locally and remotely.
Please just show your current browser (the screenshots are for ANY browser), nothing to do with the server (yet). First test outside, any client PC anywhere in the world, to know the error. From there we can conclude more.
Hi Peter.
My fellow experts have tried to help but it appears they're struggling to get info from you.
Could you please provide the below to help us out, for example:
- Server OS (e.g. server 2016)
- Host application(e.g. Apache or IIS)
- URL/FQDN you're trying to access/test is on (edited for privacy. e.g. https://www.domain.co.uk/website)
- FQDN(s) the SSL cert was purchased for (e.g. domain.co.uk or *.domain.com)
- SSL type/provider (e.g. Symantec Secure Site SSL).
- Info on the error/issue (e.g. screenshots, copies of events or application errors.)
That error means the name of the site (or other fqdn) you're accessing doesn't match the name on the certificate. For example, you're accessing www.mysite.com but the certificate is issued to www.mydomain.com.