Certificate name mismatch

"To prevent browser warnings, use an SSL certificate with a common name or subject alternative name that contains the fully-qualified domain name of the server that hosts the certificate."

Problem

If the domain name (FQDN) in the TLS/SSL certificate doesn't match exactly the domain name displayed in the address bar of the browser, the browser stops the connection to the website and displays a name mismatch error. Errors create mistrust when connecting to a site and can cause clients to avoid your site (see Name Mismatch in Web Browser).

When you order a TLS/SSL certificate, the domain name on the TLS/SSL certificate must match the domain name for the website shown in the address bar of the browser exactly. For example, to get a certificate for www.example.com, you must add www.example.com as a common name or SANs (FQDN) in the order form.

Possible reasons for receiving the mismatch error

  • Self-signed certificates
    Self-signed certificates are often automatically generated and don't use the correct domain name (FQDN).
  • Exact domain name (FQDN) misspelled
    Occasionally, typos happen when filling out the order form for a TLS/SSL certificate.
  • Wrong type of TLS/SSL certificate
    Not all certificates are created the same. For example, a Standard SSL certificate automatically secures both www.example.com and example.com. If you want a Multi-Domain SSL certificate to secure both www.example.com and example.com, you must add both FQDNs to the certificate order form.

Solution

  • Use only certificates issued by a trusted Certificate Authority (CA), such as DigiCert.
  • Reissue/renew certificate with the exact domain name spelled properly.
  • Order the correct type of TLS/SSL certificate for the situation.