A Name Mismatch in the Web Browser occurs when the common name listed on an SSL certificate doesn’t match the name displayed in the URL bar. In order for an encrypted connection to commence, both the name on the certificate and the name in the URL have to match.
Name Mismatch errors across different browsers
Different browsers will show different error messages when there is a name mismatch issue. Below are some of the most common:
Chrome – Your connection is not private. Attackers might be trying to steal your information from wrong.host.badssl.com (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID
Firefox – Your connection is not secure. The owner of wrong.host.badssl.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.
Edge – This site is not secure. This might mean that someone’s trying to fool you or steal any info you send to the server. You should close this site immediately.
Safari – This Connection Is Not Private: This website may be impersonating “wrong.host.badssl.com” to steal your personal or financial information. You should close this page.
What causes it?
A Certificate Mismatch error can occur for a number of reasons :
- The website was accessed via an IP address or an internal host name, but the certificate was only issued to the public facing fully qualified domain name.
- The certificate was issued to example.com, but the website was reached via www.example.com. WWW is technically a sub-domain. Most certificates secure both WWW and non-WWW variations, so this is typically not the cause.
- Multiple websites are hosted on the same IP address as is typically the case in shared hosting environments. The issue is that the SSL handshake occurs before the browser can request the host name via an HTTP header. This in turn leaves the server without enough information on which SSL certificate to provide and may result in the wrong certificate being sent or an error being generated. This isn’t a problem if you have SNI. Additionally, a Multi-Domain SSL certificate can also prevent this issue.
How to resolve?
You can check for Name Mismatches using our SSL Certificate Checker tool.
Resolving this error depends on the reason its occurring in the first place, so solutions to this problem can vary greatly but will almost always involve adjusting the configuration of your website. If you’ve identified the issue, but are struggling to troubleshoot, our installation team would be glad to help.