SSL Certificate Name Mismatch Error

 "The security certificate presented by this website was issued for a different website's address."

Name Mismatch Error in Internet Explorer 7

The name mismatch error indicates that the common name (domain name) in the SSL certificate doesn't match the address that is in the address bar of the browser. For example, if the certificate is for www.paypal.com and you access the site without the "www" (https://paypal.com), you will get this SSL certificate name error. If you aren't the website administrator you will want to always access the site with the full name (usually include the "www." before the domain name) or ask the website owner to fix the problem.

If you are the website administrator, you will usually want to forward all traffic without the "www" to an address with the "www" and get an SSL certificate with the "www" in the common name. That way you will completely avoid the name mismatch error. Some certificate authorities get around this problem by issuing a certificate with SANs. So you can get a certificate for paypal.com and include a SAN of www.paypal.com so you don't get a name mismatch error. Another common reason for this error is if you are accessing a server using an internal name when the SSL certificate on it just has the public name on it. In this situation you can get a UC certificate that has both the external public name and the internal server name in the certificate. You can verify whether you will get a name mismatch error by using our SSL Checker.

Most web browsers make it clear that you shouldn't just continue when you receive this error. This is because, while most of the time it doesn't, it could indicate that a phisher is trying to pass a website off as a legitimate site. You shouldn't have to continue through this error message on legitimate web sites.

This error is often phrased differently depending on the web browser. These are some common ways the name mismatch error is stated in other browsers:

Different name mismatch errors in different web browsers

Web Browser  Error Message
 Internet Explorer 6  "The name on the security certificate is invalid or does not match the name of the site"
 Internet Explorer 7

 "The security certificate presented by this website was issued for a different website's address."

 Firefox 2

"You have attempted to establish a connection with "www.paypal.com". However, the security certificate presented belongs to "paypal.com.phishingsite.com". It is possible, though unlikely, that someone may be trying to intercept your communication with this web site.

If you suspect the certificate shown does not belong to "www.paypal.com", please cancel the connection and notify the site administrator."

 Firefox 3  "www.phishingsite.com uses an invalid security certificate. The certificate is only valid for: www.paypal.com"
 Safari 3  "This certificate is not valid (host name mismatch)"

 

Name Mismatch Error in Internet Explorer 6

Name Mismatch Error in Firefox 2

Name Mismatch Error in Firefox 3

Name Mismatch Error in Safari 3

Originally posted on Thu Nov 6, 2008

Comments (19)

  1. sagar:
    Aug 24, 2014 at 09:40 AM

    Your certificate is *.myherbalife.com therefore when the web site has two or more "." (periods) to left of myherbalife then you will get the mismatch error. The * portion of your URL refers to a wildcard however with SSL if you have a "." as part of wildcard portion you will get this error. Suggest changing your DNS to use "-" instead of a "."

  2. Vinayak:
    Aug 19, 2014 at 03:43 AM

    Hi, I am facing issue while accessing one site getting the certificate of different site where as both the site are binded with different IPs on same server. i.e - If I am accessing www.xyz.com I am getting the certificate of www.pqr.com.

  3. Sandeep:
    May 13, 2014 at 05:05 PM

    if we have 2 profiles on WAS server with the same sub domain can we use the same SSL for both? would it still show this issue?

  4. Megini:
    Jan 10, 2013 at 10:30 PM

    I am recieving this error after dns records were pointed to a new server where the site would be hosted the current server uses a certificate that can be used more than once is there a way of fixing this at all?

  5. Nick:
    Oct 02, 2012 at 07:23 AM

    When i use the SSL checker with my Domain of www.limosa.com.au it comes up with someone elses domain name... what does this mean? i have no affiliation with this other domain and i am getting annoyed that i cannot read emails on my devices because they dont match up. Cheers, Nick

  6. Andjelko:
    Jul 10, 2012 at 12:14 PM

    Ander, thank you for your tip, it worked fine. Muchas gracias! :)

  7. Niti:
    Jul 02, 2012 at 10:22 PM

    Is there a way by which we can allow web application access with multiple URLS viz., using IP address (say 151.34.25.190), hostname (say 01hm45678) and complete hostname (say 01hm45678.india.com). The user should be able to access the we app using either of the URLs without giving any certificate error.

  8. Robert:
    Jan 27, 2012 at 09:37 PM

    Hi AR, It sounds like your host is just using a shared certificate on your site. It would be more secure to use a separate certificate for your site, but you should be fairly safe to click through the warnings in this case.

  9. AR:
    Jan 24, 2012 at 11:28 AM

    I have a Mac and use Macmail, I haven't made any changes to our email or site logins or certificates however I'm getting the dialog "Mail can't verify the identity of "gives our mail server #" (which is the correct #). You might be connecting to a server that is pretending to be "number" .... I clicked "Show Certificate" and it gave me GeoTurst Global CA > .securesites.com. "This certificate is not valid (host name mismatch). I called our web host, Verio, and they said for now just Connect each time, don't click "Always trust". this happens every time I open my email client. Could it be pisching or is this authentic? Can I click "Always Trust"?

  10. Brasuca:
    Oct 20, 2011 at 04:41 AM

    Hi, I have two subdomains: www.domain.com (with webserver configured to serve using SSL certificate issued for www.domain.com) xxx.domain.com (with webserver configured to serve using SSL certificate issued for xxx.domain.com) domain.com redirects to www.domain.com My issue is, whenever I access xxx.domain.com using IE8 I get a "Name Mismatch Error". If I access www.domain.com or if I access using Firefox, Chrome, or Safari, everything works fine. Any clues? Thanks!

  11. marwan:
    Sep 09, 2011 at 09:51 AM

    i can't uploade from my wibe sit to server tise error Security Exception Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. Source Error: Line 210: 'File.Copy(img_path.PostedFile.FileName, "c:\") Line 211: Line 212: File.Copy(img_path.PostedFile.FileName, Server.MapPath("fimal\" & img_path.FileName), True) Line 213: TB1.Text = "fimal/" & img_path.FileName Line 214:

  12. ikye:
    Sep 07, 2011 at 03:44 AM

    it tells me domain name mismatch when i open a particular website, pls what do i do to solve this problem. thanks

  13. Sonic Bass:
    Mar 03, 2011 at 01:42 AM

    Ive got this issue using a watchguard firebox with single sign on. nightmare.

  14. Ander:
    Oct 26, 2010 at 09:39 AM

    Hello, As Robert says, if you have a wildcard certificate for one domain, yo won't have the error if the website is like service1.dominio.com service2.dominio.com ..... But if you use it for a websike like service1.city.dominio.com service2.city.dominio.com ..... you will get it, because the wildcard certificate it's only for the services in "dominio.com", not for the subdomain "city.dominio.com". Anyway it's a valid certificate, as for "city.dominio.com" like for "dominio.com", the problem is the message (it doesn't look nice). Internet Explorer have the option to disable it, but you need to do that in each IE client, so it's not very effective. This otion is in Internet tools/Advanced Options/security/, it's something like "Notify abaut the not mattching in the adress of the certificates" (I have it in spanish, so it's not exatly this, but something like this).

  15. Paul:
    Aug 24, 2010 at 02:07 AM

    CA are offering wildcard services which allows an organisation to release SSL fast but this results in a cert error. Does anyone know the best set-up for a wildcard entry to avoid the error message to the end user?

  1. 1
  2. 2




Allowed tags: <b><i><br>Add a new comment: