Common SSL certificate errors and how to fix them
SSL certificates provide a wide range of benefits to website owners, security being prime among them. Like software products, SSL certificates are issued by separate vendors who follow their own software writing methods and processes. SSL certificates from different Certificate Authorities might behave differently under various circumstances.
SSL helps keep data safe from the Web to the end user's browser.
A good SSL tutorial - SSL on YouTube
As a result, it is possible that they throw up errors, some of which first-time certificate users may not be able to understand or rectify on their own.
In most cases, these errors could also be warnings issued by the certificate to alert the user against system and network compromises that can lead to damage.
In other cases, it could be an internal error which can be easily rectified.
Here are some such common errors related to SSL certificates and how they can be set right.
Name mismatch in web browser error
The name mismatch in web browser is a common error message that SSL certificates throw when the user visits a website whose SSL certificate was originally issued for another domain. This can happen if the domain name in the certificate is wrongly spelt or the domain is not covered in the certificate scope at all.
The error message will read as:
In Internet Explorer: "The security certificate presented by this website was issued for a different website's address."
In Mozilla Firefox: "www.example.com uses an invalid security certificate." or "The certificate is only valid for the following names: www.otherdomain.com, otherdomain.com"
This typically happens when there is a mismatch between the domain name in the SSL certificate and the website name as spelled in the URL. It happens not only when there is an actual name mismatch, but also when the website is accessed using a separate IP or an internal name other than the one the certificate was actually issued for.
The name mismatch error in web browser is bound to happen if you have an SSL certificate registered for the domain of www.example.com, but your website URL reads something like:
How to rectify the name mismatch error in web browsers?
As said earlier, the error typically happens if you enter a wrong domain name while purchasing the SSL certificate. Or it could be because you have multiple domains but have only one certificate to secure them all.
In such a situation, it is warranted to buy Multi-domain (SAN) certificates which will secure multiple domains without the problem of conflicting domain names or misspellings.
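The name comparison behind this error, as an added Python example (not code from the original article): it checks the host a visitor typed against the names listed in a certificate, covering the wrong-name, IP-address and wildcard cases. The certificate dictionary is a constructed sample in the shape of Python's `ssl.SSLSocket.getpeercert()` output, and `explain_name_check` is a hypothetical helper name.

```python
import ipaddress

# Constructed sample, shaped like the dict returned by ssl.SSLSocket.getpeercert()
SAMPLE_CERT = {
    "subjectAltName": (
        ("DNS", "www.example.com"),
        ("DNS", "*.shop.example.com"),
    )
}

def _dns_match(pattern, hostname):
    """Compare one DNS name from the certificate with the requested host."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never covers more than one label
    if p_labels[0] == "*":
        # honour the wildcard only as the whole left-most label,
        # and never directly under a top-level domain ("*.com")
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def explain_name_check(cert, requested):
    """Return (ok, reason) for the host or IP that appears in the URL."""
    sans = cert.get("subjectAltName", ())
    dns_names = [value for kind, value in sans if kind == "DNS"]
    ip_names = [value for kind, value in sans if kind == "IP Address"]
    try:
        ip = ipaddress.ip_address(requested)
    except ValueError:
        ip = None  # not an IP literal, treat it as a DNS name
    if ip is not None:
        # an IP in the URL matches only IP entries, never a DNS name
        if any(ipaddress.ip_address(value) == ip for value in ip_names):
            return True, "matched IP entry"
        return False, "accessed by IP, but the certificate lists no such IP"
    for name in dns_names:
        if _dns_match(name, requested):
            return True, "matched " + name
    return False, "valid only for: " + ", ".join(dns_names)
```

Run against the names a site is actually reached by (bare domain, internal name, IP), the function shows which of them need to be added to a multi-domain (SAN) certificate.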
SSL certificate not trusted for this website error
The last thing you want to hear is that the very SSL certificate which is set up to secure the website is itself not trustworthy. Ironically, it is a common occurrence that strikes SSL certificates which are not linked to trust ‘anchors’ or those owned by accredited Certificate Authorities (CA).
The SSL certificate not trusted error can arise due to two reasons:
The website owner has not followed the right method for installing it
The website uses a self-signed SSL certificate
The installation process involves setting the certification path for the SSL certificate and its associated domains. The web browser uses this certification path to check the trustworthiness of the website before granting access or throwing up an error.
Most CAs attach a bundle of files that the website owner must configure properly to complete the certification path. If any intermediate certificate is missed out or is not properly configured, the browser will alert the visitor that the SSL certificate is not trusted.
Using a self-signed SSL certificate
Website owners often sign SSL certificates themselves for internal purposes. Self-signed certificates can be generated freely and are ideal for intranets used by employees. However, they are strictly forbidden for commercial websites that process payment and other sensitive information of customers.
How to fix this certificate is not trusted error?
If you are using a self-signed certificate, it is better not to use it for external purposes like customer checkout or login pages. Secondly, ensure that your installation process is perfect from beginning to end. Make sure all intermediate pages are also incorporated into the certificate to prevent the dialogue box from popping up unnecessarily.
Mixed content error
A mixed content error is the warning that not all of your website’s content is protected. It happens when a web page containing both HTTP and HTTPS content is served to the web browser.
The problem with mixed content errors is that hackers can still read the message, find out loopholes and attack it directly.
From the user's perspective, they can react to this in two ways. First, some users may tend to ignore the message and try to access the unsecured content, putting their own safety at risk. When a security breach occurs, the blame will fall on the brand and damage its reputation.
Secondly, there are users who will pay heed to the message and abandon the page right away. This again is hurtful for the website, since the probability of the visitor revisiting the website is minimal. This is fatal if the website is an eCommerce one that is reliant on traffic and first impressions.
How to fix mixed content errors?
The mixed content error can be fixed by doing a quick search for HTTP content in the source code of the respective pages. Redirect this content to HTTPS to fix the mixed content error. Once the redirect is complete, there should not be any more errors or warning messages.
Winding it up
Although SSL certificates are easy to configure and set up, sometimes website owners tend to make mistakes or choose the wrong configurations that lead to error messages.
These are some such common error messages that can be set right easily without any extra effort. Avoid them and save yourself from wasting time and energy. Also, keep your customers from leaving the page on seeing discouraging warning messages.
Author: Dan Radak is a web hosting security professional with ten years of experience. He is currently working with a number of companies in the field of online security, closely collaborating with a couple of e-commerce companies. He is also a co-author on several technology websites and a regular contributor to Technivorz.
Reference articles - http://myalfahost.com/security/ssl-certificate
SSL troubleshooting with Wireshark by Sake Blok