SSL Certificate Name Mismatch Error
"The security certificate presented by this website was issued for a different website's address."
The name mismatch error indicates that the common name (domain name) in the SSL certificate doesn't match the address that is in the address bar of the browser. For example, if the certificate is for www.paypal.com and you access the site without the "www" (https://paypal.com), you will get this SSL certificate name error. If you aren't the website administrator you will want to always access the site with the full name (usually include the "www." before the domain name) or ask the website owner to fix the problem.
If you are the website administrator, you will usually want to forward all traffic without the "www" to an address with the "www" and get an SSL certificate with the "www" in the common name. That way you will completely avoid the name mismatch error. Some certificate authorities get around this problem by issuing a certificate with SANs. So you can get a certificate for paypal.com and include a SAN of www.paypal.com so you don't get a name mismatch error. Another common reason for this error is if you are accessing a server using an internal name when the SSL certificate on it just has the public name on it. In this situation you can get a UC certificate that has both the external public name and the internal server name in the certificate. You can verify whether you will get a name mismatch error by using our SSL Checker.
Most web browsers make it clear that you shouldn't just continue when you receive this error. This is because, while most of the time it doesn't, it could indicate that a phisher is trying to pass a website off as a legitimate site. You shouldn't have to continue through this error message on legitimate web sites.
This error is often phrased differently depending on the web browser. These are some common ways the name mismatch error is stated in other browsers:
Different name mismatch errors in different web browsers
Web Browser | Error Message |
---|---|
Internet Explorer 6 | "The name on the security certificate is invalid or does not match the name of the site" |
Internet Explorer 7 | "The security certificate presented by this website was issued for a different website's address." |
Firefox 2 | "You have attempted to establish a connection with "www.paypal.com". However, the security certificate presented belongs to "paypal.com.phishingsite.com". It is possible, though unlikely, that someone may be trying to intercept your communication with this web site. If you suspect the certificate shown does not belong to "www.paypal.com", please cancel the connection and notify the site administrator." |
Firefox 3 | "www.phishingsite.com uses an invalid security certificate. The certificate is only valid for: www.paypal.com" |
Safari 3 | "This certificate is not valid (host name mismatch)" |
Originally posted on Thu Nov 6, 2008
Comments