JIYIK CN >

Loading websites over the Secure Hypertext Transfer Protocol (HTTPS) is critical to network security. However, if we do not install the Secure Sockets Layer (SSL) certificate correctly, we may encounter many errors such as NET::ERR_CERT_COMMON_NAME_INVALID.

Admittedly, resolving this error can be a bit tricky since there are many possible reasons why it can appear in your browser. If you can narrow it down, resolving this SSL issue won’t take long at all.

In this article, we’ll explain what the NET::ERR_CERT_COMMON_NAME_INVALID error means and show how it appears in various browsers. Then we’ll share a few methods you can use to fix it.

Understanding what causes the NET::ERR_CERT_COMMON_NAME_INVALID error

Before we delve into what causes the NET::ERR_CERT_COMMON_NAME_INVALID error, let's understand some of the relevant terminology. The "common name" that this error refers to is the domain where the SSL certificate is installed.

For example, if our website is located at mydomain.com, then the Common Name on the SSL certificate will be mydomain.com. So, as the error message NET::ERR_CERT_COMMON_NAME_INVALID states, the underlying issue is that the Common Name on the SSL certificate is invalid for some reason.

Typically, this means that the name on the certificate does not match the domain it is installed on. However, there are other situations that may cause this message to appear in your browser, including:

• SSL certificates do not take into account www and non-www variations of a domain.
• Trying to switch your website to HTTPS without first installing an SSL certificate.
• The site has a self-signed SSL certificate installed, but the browser does not recognize its validity or security.
• Antivirus software is blocking the SSL connection.
• A browser extension is interfering with the website's SSL connection.
• The proxy settings are misconfigured.
• The browser cache or SSL state is corrupted.

As you can see above, many different factors can cause the NET::ERR_CERT_COMMON_NAME_INVALID error. This can make it difficult to determine the correct solution, but a little patience will help us resolve the issue.

Different displays of the NET::ERR_CERT_COMMON_NAME_INVALID error

We will delve into solutions for the NET::ERR_CERT_COMMON_NAME_INVALID error shortly. However, first, you need to be able to identify it in your browser.

Here’s what this problem looks like in the most popular clients on the web.

Google Chrome

Like many other HTTPS-related errors, Google Chrome indicates a common name mismatch by displaying a “Your connection is not private” warning:

We can see the specific problem listed below the main message (NET::ERR_CERT_COMMON_NAME_INVALID). Users seeing this screen can choose to continue accessing the site using HTTP.

But this message has the potential to scare away many potential visitors.

Firefox

Firefox offers a slightly different presentation style for common name mismatch errors. Under the heading “Your connection is not private,” it tells us that the website we’re trying to access is not configured correctly and recommends that we don’t visit it.

You may also see a message that reads "WARNING: POTENTIAL SECURITY RISK AHEAD":

It may also display a more specific error message below stating that the security certificate is invalid and is only configured to use the listed domain name.

You may also see the "SSL_ERROR_BAD_CERT_DOMAIN" code.

Safari

In Safari, the corresponding error message reads "Safari can't verify the website's identity" or "Safari can't open the page," followed by the domain that you were trying to access.

It may also state that the site's SSL certificate is invalid or that a secure connection cannot be established:

Safari's common name mismatch error message is a bit vague compared to other browsers.

If you see this error window, there may be other SSL-related issues behind it, so be sure to seek various solutions.

Internet Explorer

Internet Explorer cuts to the chase and informs us that "This site is not secure." It also says that there is a problem with the trustworthiness of the SSL certificate. This message may be followed by a few different specifications:

One of them indicates the problem is equivalent to the NET::ERR_CERT_COMMON_NAME_INVALID error in Chrome, which usually reads: "The security certificate presented by this website was issued for a different website's address."

It will also provide visitors with some potential solutions, such as adding or removing "www" from the URL they enter.

However, such fixes are only temporary. Persistent errors can still damage your site’s credibility and prevent it from increasing traffic, so it’s best to find the root of the problem and resolve it quickly.

Fix NET::ERR_CERT_COMMON_NAME_INVALID error

As we know by now, the NET::ERR_CERT_COMMON_NAME_INVALID error has many possible causes. Therefore, it also has many possible fixes. Here are a few ways we can try to fix this issue on our website.

1. Verify that the SSL certificate is correct

The most basic cause of a NET::ERR_CERT_COMMON_NAME_INVALID error is that the site's domain does not match the common name listed on the SSL certificate. Therefore, the first fix we'll try is to look at the certificate to determine if it is misconfigured.

In this post, we will show an example of resolving this error in Google Chrome. However, other browsers should allow us to accomplish the same results with similar steps.

First, click on the "Not Secure" warning in the URL bar. In the menu that opens, select **Certificate (Invalid)**:

This will open a small window showing the details of our SSL certificate:

The domain listed here should match the domain we are trying to access. If it doesn't, we know the certificate is misconfigured.

The best solution is to remove the certificate from your site and install a new one.

Verifying Wildcard SSL Certificates

The NET::ERR_CERT_COMMON_NAME_INVALID error gets a little more complicated when a wildcard SSL certificate is involved. This type of certificate is designed to encrypt data for multiple subdomains.

因此，不是在证书上列出一个通用名称，而是使用子域级别，例如 *.example.com。 如果安装了通配符证书并且看到 NET::ERR_CERT_COMMON_NAME_INVALID 错误，则可能意味着证书不涵盖我们尝试访问的子域。

在浏览器中验证 SSL 证书时请记住这一点。 另请注意，通配符 SSL 证书仅保护一个子域级别。 例如，我们需要为 *.example.com 和 *.subdomain.example.com 提供单独的证书。

验证 SAN 证书

SAN 证书可以加密指向同一站点的多个域的数据。 这可能包括 www 和非 www 变体、子域和顶级域 (TLD) 变体。

如果尝试访问的站点使用 SAN 证书，则在浏览器中验证 SSL 证书时可能需要做一些进一步的挖掘。

在 Chrome 中，单击证书窗口中的详细信息：

向下滚动，直到找到标有扩展主题备用名称的部分。 在它下方，应该会看到证书保护的所有域的列表。

2. 检查错误配置的重定向

如果将站点从一个域重定向到另一个域，并且没有在第一个域上安装 SSL 证书，则可能会导致错误。 例如，许多 SSL 证书不会自动考虑网站的 www 和非 www 版本。

假设我们将 www.example.com 设置为重定向到 example.com。 如果在 example.com 上而不是在 www.example.com 上安装 SSL 证书，那么可能会看到 NET::ERR_CERT_COMMON_NAME_INVALID 错误。

如果不确定我们的网站是否以这种方式重定向访问者，可以使用重定向映射器进行检查：

此工具仅检查我们网站的 HTTP 和 HTTPS 版本之间的重定向以及 www 和非 www 版本之间的重定向。

如果我们发现重定向干扰了 SSL 证书，我们可以尝试几种解决方案。 一种是将证书上的通用名称更改为正确版本的域。

还可以为我们正在重定向的域获取另一个证书或涵盖两个域的 SAN 证书。 对于通配符域，需要列出要加密的每个子域，而不是在它们之间重定向。

3. 确定您的站点是否使用自签名 SSL 证书

当通过 Let's Encrypt 或其他信誉良好的来源获得 SSL 证书时，它是由公认的证书颁发机构 (CA) 签署的。 自签名证书不受 CA 支持，而是由用户创建。

自签名证书不如 CA 认可的证书安全。 一些用户发现它们很有吸引力，因为它们是免费的，但 Let's Encrypt 也免费提供授权的 SSL 证书。 除了为内部服务器目的或本地主机使用设置一个之外，真的没有理由使用自签名证书。

由于它们不提供授权证书所提供的全面保护，浏览器通常会将使用自签名证书的站点标记为“不安全”。 在某些情况下，这可能会导致 NET::ERR_CERT_COMMON_NAME_INVALID 错误。

我们可以使用在本文前面描述的第一种方法检查证书的 CA。 此数据将列在证书信息弹出窗口中：

如果你认为站点使用自签名证书并且你也不是开发人员，那么最好的做法是联系为你开发站点的人员并要求他们将其删除。 这样，您可以用授权的替换它。

如果你有意安装了自签名证书，则可以使用浏览器对其进行身份验证以解决错误。 此过程因浏览器和操作系统而异，通常比简单地安装 Let's Encrypt 证书更困难。

4. 清除SSL状态和浏览器缓存

如果在证书配置中一切看起来都正确，但我们仍然看到 NET::ERR_CERT_COMMON_NAME_INVALID 错误，泽可能需要清除 SSL 状态。 浏览器可能会缓存 SSL 证书以加快加载时间。 如果刚刚安装了新证书，即使一切正常，那么仍可能会看到错误消息。

同样，此过程因不同的浏览器和操作系统而异。 我们将在此示例中关注 Chrome，但会展示如何在 Windows 和 macOS 上清除 SSL 状态。

对于 Windows，打开开始菜单并输入 Internet Options。 选择出现的相同选项，然后转到 Internet 选项窗口中的 Content 选项卡。 现在单击 Clear SSL Slate 按钮：

在 macOS 上，需要使用钥匙串管理器来清除 SSL 状态。 可以在 Chrome 中通过转到设置 > 隐私和安全 > 管理证书 来访问它：

查找尝试访问的域列出的证书。 右键单击它并选择删除：

系统可能会提示提供用户密码。

在这里删除证书应该会清除 SSL 状态并能解决 NET::ERR_CERT_COMMON_NAME_INVALID错误（如果是这个原因）。

清除浏览器缓存也是明智之举。 在 Chrome 中，这就像打开设置菜单并选择 More Tools > Clear Browsing Data：

还可以导航到 Privacy and security settings 指定要清除的数据。 只需确保从选项列表中选择缓存的图像和文件。

5. 评估代理设置

代理服务器用于路由 Web 流量以保持客户端或源服务器的匿名性。 如果代理设置配置错误，则可能会限制 Web 访问并导致各种问题，包括 SSL 错误。

为了防止此类问题，我们需要重置代理设置。 此过程因我们使用的是 Windows 计算机还是 Mac 计算机而有所不同。

无论使用哪种操作系统，都可以通过谷歌浏览器访问代理设置，方法是依次打开 设置 > 高级 > 系统 > 打开您计算机的代理设置：

如果使用的是 Windows，将打开 Internet 属性窗口。 单击 Connections 选项卡，然后选择 LAN Settings 按钮并选择 Automatically detect settings：

On macOS, this will open your system's Network settings window. Click the Proxies tab and select Automatic Proxy Configuration :

We can then try accessing the site again to see if the error has been resolved.

6. Browser extension conflicts

Like WordPress plugins, browser extensions don’t always play nicely with each other.

Some of these conflicts may interfere with your website's HTTPS connection, causing various errors.

To see if a browser extension might be causing the NET::ERR_CERT_COMMON_NAME_INVALID error, open the site in an incognito window:

This will reduce the impact of any extensions we have installed. If you can access the website normally in Incognito mode, then a browser extension may be the source of the error.

In this case, the best solution is to disable extensions one at a time to determine which one is causing the error. You can then remove the culprit to permanently resolve the issue.

7. Change your antivirus software settings

Likewise, antivirus software may block proper HTTPS connections. If you have such a program running on your computer, check its settings to see if HTTPS scanning is disabled. If so, you will need to enable it.

If you change this setting and the problem doesn’t go away, you might want to consider disabling the software entirely. If this fixes the NET::ERR_CERT_COMMON_NAME_INVALID error, then you can contact the antivirus program’s support team for further assistance.

Of course, we don’t want to disable our antivirus software for a long period of time, as this can pose a security risk. Therefore, it’s best to turn it back on while you wait for a response from support and follow their guidance to resolve the error while keeping your computer safe.

8. Update your browser and operating system (OS)

An outdated operating system can cause errors when trying to access certain websites, so making sure you're running the latest version of Windows, macOS, or Linux is a must to reduce hassles.

We also need to verify that the browser is up to date. To do this in Chrome, open the Settings menu and select Help > About Google Chrome:

We can check the browser version and turn on automatic updates here:

If Chrome isn't the latest version, opening this screen should automatically initiate an update.

Summarize

NET::ERR_CERT_COMMON_NAME_INVALID is a difficult problem to fix when it comes to browser errors. However, if we can narrow down what is causing the problem, we can quickly resolve the issue and maintain the credibility of our website with our visitors.

As a first step to fixing this error, start by checking the SSL certificate in your browser and looking for any misconfigured redirects. If those don't help, start looking at all the other areas we mentioned in that article.