Net err cert common name invalid как исправить

How to Fix ERR_CERT_COMMON_NAME_INVALID in Chrome

A brief guide to fix an SSL Common Name Mismatch Error: NET::ERR_CERT_COMMON_NAME_INVALID

cheapest ssl certificate

SSL error is also referred to as SSL connection error. The SSL is initials for Secure Sockets Layer. It is an error which may appear when one attempts to get a secure connection in a website server. Usually, the SSL error is a result of crummy executions of SSL Certificates. This results in the text being displayed in the when loading the website.

The ERR_CERT_COMMON_NAME_INVALID

ERR_CERT_COMMON_NAME_INVALID also known as SSL Common Name Mismatch Error is one of the SSL errors. It can be a consequence of misconfiguration of certificate in a server. It can also be caused by a third-party extension. It can also be caused by security programs in a computer among them being antivirus and firewall. The SSL common name mismatch error may appear as below screenshot.

Common Name Invalid SSL Error

How to Fix NET::ERR_CERT_COMMON_NAME_INVALID

When fixing the SSL error, it is paramount to identify the cause of the error. By identifying the cause of SSL common name mismatch error, the below techniques can be used to resolve the error.

Check date and time are correct

If the date and time are not properly set on your desktop, then your browser (chrome) will show ERR_CERT_COMMON_NAME_INVALID. You can fix the error by adjusting time and date on your PC.

Find out problematic extensions

First, we need to turn on Incognito mode in browser lets say chrome browser and check if the error persists or not. If the error is solved then there is no need to look for bad extensions but in another case, you should check one by one extension.

To do so, you need to disable all extensions which can be found in Click three dots >> More Tools >> Extensions. After that, trigger single extension and watch if the error goes by browsing website. Follow this process until you find a culprit extension. Once you find such an extension, you should delete it from a browser and fix the error.

Confirm that the correct certificate is installed

An SSL common name mismatch may occur between the domain and the certificate and this happens when you have installed the correct certificate, but the certificate does not cover the typed web address in the browser. There may be a different certificate installed on the domain name. This mismatch will result in “NET: ERR_CERT_COMMON_NAME_INVALID” this can be checked by confirming “issued to” domain information to the domain certificate.

As this error happens due to a mismatch between the domain and the certificate. , you need to check that the browsing domain and subdomain should be covered under SAN and wildcard certificate. SAN certificate counts each domain separately and wildcard certificate covers single-level subdomains. So if you are browsing domain or subdomain which is not covered by your certificate, then it may show an error.

Check for redirects and Non-WWW vs. WWW

It is not all SSL certificate that covers both non-WWW vs. WWW accounts of the website by default. You should stop redirection to www to Non-WWW or Non-www to WWW depend upon the domain you entered while purchasing the certificate. It is thus vital to confirm whether one’s browser is redirecting visitors compellingly to another part of the website. If so, adjustments should be made on the settings to eliminate the redirect.

For example, if you purchased wildcard SSL and if the main domain like domain.com is redirecting to www.subdomain.com then it will show error in the browser. In this case, the redirect is necessary it’s needful to get another SSL certificate to cover the redirecting of traffic to the domain of choice the error.

Check the site address is appropriate

One may change the site protocol to a secured HTTPs from unsecured HTTP due to curiosity. When one saves changes and the site has no SSL certificate either installed or bought, the site protocol is changed, causing “NET: ERR_CERT_COMMON_NAME_INVALID.” If one has WordPress, it is recommended not to put “S” before HTTP if the certificate has not been bought or and installed. It is appropriate to move back to WordPress account general settings and check the URL.

wordpress https settings

Clear SSL State

SSL common name mismatch error can be resolved by clearing if SSL cache is there. The following procedure can be used to correct the error. Open the internet properties then go to the content tab, then clear SSL cache, you click, and the error is resolved. On the chrome browser the process is as follows, go to settings, then show advanced settings, after that on the Change Proxy Settings click on the clear the SSL state and SSL common name mismatch error is corrected.

Clear SSL State

Check proxy settings:

If your proxy setting is not set to Automatically detect settings, you may face error and affect your browsing experience. This will restrict you to surf websites on your browser.

To solve it, you need to browse Internet properties by right-clicking on the Network Access icon and go to internet settings.

Here, you need to tap on Connection and click on LAN Settings.

internet properties - connections

Then, you will have a box where you need to check the box against “Automatically detect settings” and press the OK button.

local area network (LAN) settings

Now, check whether the error is solved or not. If not, you can try the next point described here.

OS & Browser should be up-to-date

The old or outdated browser and operating system frequently show such type of error and to outcome from this issue, you can update windows OS and update your browser. As there are new patches from developers rule out in available updates and that might be a cause pertaining to show such error. In case, if you are website owner, you should hear other users, if they are facing the same error then you should update your browser and OS also.

Self-signed certificate and different domains

This type of event happens when the SSL certificate is assigned to a different domain name or self-signed certificate is attached to that domain name. In the case of a self-signed certificate, which is used for internal server purpose, it will reflect error as most browsers do not trust the self-signed certificate as a legit certificate. You need to contact the developer to remove self-signed SSL and install new SSL on a domain. This, in turn, fixes the ERR_CERT_COMMON_NAME_INVALID problem.

Check for Antivirus/Firewall

It might be happening that antivirus is blocking SSL connection, be sure it should not be check marked with disabling https scanning in antivirus software. If you do not find such an option, then turn off software.

Conclusion

Websites are the gateway through which customers and the world at large get information about products offered. The most unfortunate thing in seeking information is when the very sought-after information is not accessible. The ERR_CERT_COMMON_NAME_INVALID is a challenge that can be resolved with a click of a mouse. The various steps enumerated above are very helpful in keeping information streaming to the intended recipients and the world at large.

Related Articles:

How to fix SSL Connection Error on Chrome?
Fix Mixed Content (nonsecure items) Error on SSL Secure Site
How to Fix SSL Connection Error on Android Phone
How to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error

Wildcard SSL

Quick Links

Free SSL Testing Tools
Download Free Site Seal
SSL Discount Offers

How to FIX ERR_CERT_COMMON_NAME_INVALID in Chrome

ERR_CERT_COMMON_NAME_INVALID is a very popular SSL error during loading the website. In most cases, the issue is due to certificate misconfiguration on a server. However, it may appear due to antivirus and firewall or another third-party extensions and software. Check the example of the error on the screenshot below.

err_cert_common_name_invalid

Fixing the NET::ERR_CERT_COMMON_NAME_INVALID error is not very difficult, but would takes some time and extra steps. You have to start by identifying the cause of mismatch error first.

Solution 1: Check date and time are proper

Your Chrome browser will show ERR_CERT_COMMON_NAME_INVALID error in case the date and time are wrong on your computer or mobile device. Please recheck and adjust it on your via PC settings.

Solution 2: Check browser extensions

Click the «three dots» button on the top right corner of your browser window
Select More tools and Extensions
Turn off extensions one by one to find culprit extension and delete it to fix the browser error.

Solution 3: Check Installed SSL certificate

In most cases the issue comes from wrong SSL installed, it may simply not support the correct domain name or sub-domain. That makes a real mismatch result. For example, you issued and installed SSL for www.domain.tld, but installed it for sub.domain.tld which is not protected. You can check that with your browser. In Chrome, you have to click to the «Not Secure» button located on the left side of the address bar, and then click to «Certificate». There you will see the details of SSL certificate using the field «issued to». The feature is available in most browsers.
You can also check that using Online SSL test by SSL Labs, that will be a more accurate result.
Make sure Self-Signed SSL is not in use, as they are used for internal server purposes only.

Solution 4: Protection of both with/without WWW

All Single Domain SSL certificates we sell protect WWW and non-WWW version of your domain name. However, there are some certs that do not protect it by default. In that case, you may have a problem using redirection from WWW to non-WWW or opposite option. The possible solution is to install a proper SSL certificate or remove any redirect and install Multi-Domain, or Wildcard SSL or even multiple single-domain SSL to protect all domains/sub-domains in use.

Solution 5: For WordPress users

a purchase an SSL certificate and install it your web server;
or changing HTTPS back to HTTP to enable your website without any protection and encryption of transmitted data.

SSL_ERROR_CERT_COMMON_NAME_INVALID

Solution 6: Clear the SSL cache

For IE/Edge. You have to open the Internet properties and find the «Content» tab, there will be a button to «Clear SSL state».
For Chrome browser the process is similar, click «Three dots» button on the top right side of the browser, find the «Settings». There you will find «Advanced settings» at the bottom of a page. Now find «Open Proxy Settings» and there you will see the «Content» tab with «Clear SSL state»

SSL_ERROR_CERT_COMMON_NAME_INVALID

Solution 7: Proxy settings

You may have limited browsing experience if Automatical detection of settings is not set via proxy setup. The solution is a Right-click on the Network Access icon to see Internet Properties. Tap on the «Connection» tab and then to «LAN Settings».

SSL_ERROR_CERT_COMMON_NAME_INVALID

You will see a new window where you have to click to checkbox near the «Automatically detect settings» if it is not checked already. Once done, you can retry opening the website to see if error was solved.

SSL_ERROR_CERT_COMMON_NAME_INVALID

Solution 8: Update OS and Browser

The classical idea is to make sure your OS and Browser is Up to Date as old or outdated software may bring unexpected issues. The developers are working hard to create new patches and bug fixes, so that is critical to have an updated system.

Solution 9: Checking your Firewall/Antivirus

We suggest checking Firewall and Antivirus settings and LOG files to be sure they are not blocking the website you are trying to visit. Review the blocking reason carefully, if you found a block, as probably they are trying to secure you from a malicious website. We do not suggest switching off Antivirus.

Conclusions to summarize

You can clearly see that there are multiple possible issues that may bring you to error FIX ERR_CERT_COMMON_NAME_INVALID . However, it is known error and there are quite easy steps to fix the issue. Check data/time of your PC, browser extensions, try to clean SSL cache, recheck Proxy settings and update OS with Browser to latest versions. That should definitely help. Good luck!

Connection failures due to SSL certificate errors with Citrix Workspace app for Chrome / Citrix Receiver for Chrome

Connection to StoreFront/VDA will fail and may show cannot connect to server error or some SSL Certificate error in console logs. One of the reason could be invalid SSL certificate.

User-added image

Applicable Products:

Citrix Receiver for HTML5, Citrix Receiver for Chrome, Citrix Workspace app for Chrome, Citrix workspace app for HTML5

Solution

Recommended solution: Update the certificates.

Alternatively, you can try this workaround:

User-added image

Close the Citrix Workspace app for Chrome / Citrix Receiver for Chrome.
Open Chrome browser in your Chromebook.
Visit your site.
It will show some error as below.

Now, open the Citrix Workspace app for Chrome or Citrix Receiver for Chrome and it might allow you to access your StoreFront/VDA.

Other possible workaround for specific certificate error:

NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM error
Latest Firefox and Chrome browsers do not support SHA-1 certificate and StoreFront connection fails with error: NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM

Citrix Receiver for Chrome/HTML5 or Citrix Workspace app for Chrome/HTML5 cannot establish secure connection and session launch will fail
NET::ERR_CERT_COMMON_NAME_INVALID error
Chrome requires Subject Alternative Name for SHA-2 certificate, without SAN (Subject Alternative Name) in the SHA-2 certificate, the connection will fail with error NET::ERR_CERT_COMMON_NAME_INVALID

Session launch fails with CERT_COMMON_NAME_INVALID(-200) error dialog

Workaround for NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM and
NET::ERR_CERT_COMMON_NAME_INVALID:
- Mozilla: Enable network.websocket.allowInsecureFormHTTPS from about:config
- Chrome:
  Chrome by default requires SHA2 Certificate with Subject Alternative Names (SAN)
  Add the following registry keys at : Software\Policies\Google\Chrome\
- EnableCommonNameFallbackForLocalAnchors – true
  (Note: Chrome need SAN by default)
- EnableSha1ForLocalAnchors – true
  (Note: SHA1 is not supported)
  Recommended Solution: Use SHA2 certificates with Subject Alternative Names (SAN). Problem Cause:
- CTX134123 — Receiver for HTML5 — Unable to Launch Apps Using HTTPS URL
- CTX217352 — How to Collect Logs in Receiver for Chrome and Receiver for HTML5
NET::ERR_CERT_SYMANTEC_LEGACY
From Chrome OS version 66 onwards the SSL certificate from Symantec is distrusted. You can go through https://security.googleblog.com/2018/03/distrust-of-symantec-pki-immediate.html to know more about it.

Workaround: Try general workaround mention above.
Recommended Solution: Update SSL certificates.