SSL certificate have been widely used to enhance confidentiality and security for online transaction. However, the process of installing an SSL certificate may cause a few errors that prevent it from functioning properly. In this tutorial, let’s have an overview of the frequently-occurred SSL errors along with useful suggestions to fix them.
SSL Certificate Name Mismatch Error
Occasionally, your web browser (like Google Chrome) may flash an error like below. This kind of error is the so-called “SSL name mismatch” error.
Causes & Solutions:
- This happens when the common name/domain name in the SSL certificate couldn’t match the name typed in the URL bar. For instance, if the certificate is for www.business.com and you access this site using https://business.com (without “www”), then you will encounter this name error.
In this situation, access the website with full name (often includes “www” before a domain name) or better yet ask the website administrator to fix this issue.
- Another common reason for the error is that you’re accessing a server via an internal name but the certificate has been issued to a public or fully-qualified domain name.
To fix it, try a “Unified Communications” certificate (namely, multi-domain certificate) that includes both the internal and external names in the certificate.
- It’s also possible that a self-signed certificate rather than a server-specific security certificate has been installed on the server. If so, instruct your web browser to trust such a certificate or purchase and install an SSL certificate from a reliable certificate authority like Host4ASP.NET.
As shown, the provider fully supports single domain, multi-domain and wildcard certificates at a competitive price.
SSL Certificate Not Trusted Error
If a web browser states that the certificate is untrusted, it usually means that your certificate is not signed or approved by a trusted root certificate. Or this browser doesn’t link this certificate to a trusted certificate authority. The certificate details and its path can be viewed like below:
This certificate not trusted error often occurs for the following reasons:
Causes & Solutions:
- It can be caused by a free SSL certificate. Though free SSL certificated are currently issued by a host of companies, but you must manually import their root certificates to each browser.
If not, this untrusted error will come to bother you.
- Perhaps the certificate is not signed by one of the trusted root certificates. Often times, the “Trusted” root certificates are automatically embedded into most browsers, such as Firefox, Comodo Dragon and Internet Explorer.
Hence, a browser will treat the certificate that is not signed by those “Trusted” ones as untrusted and displays a warning message onscreen.
- This is possible that the website is now using a trusted SSL certificate that excludes an intermediate/chain certificate. Even if your certificate is issued by an accredited provider, it doesn’t mean that one of the intermediate certificates has been installed on the server.
The remedy is to install an intermediate/chain certificate with the help of certificate authority.
SSL Certificate Includes Insecure Items
If visitors click “Yes”, then all included items will be displayed from the insecure “http”. However the “No” option only includes those secure items. That means, the web page will fail to load certain important scripts or videos. To find out what element is not being loaded from “https”, test with WhyNoPadLock.com.
Causes & Solutions:
Below are some easy ways to fix this SSL error.
<img src="https://www.business.com/image.jpg" alt="" />
Note that, this method may not work if you’re loading a video or image from the site that hasn’t been encrypted with SSL. A wildcard certificate is a perfect option to set up SSL on the source page especially when a sub-domain is used to host all elements.
- Use relative links rather than absolute links. For a high volume site, change all links to just //. For example:
<img src="//www.business.com/image.jpg" alt="" />
In this way, a browser will load “/image.jpg” over “https”. This can be the most effective way to get rid of the annoying security warning.
- Change the web browser settings. It’s best to change the page code that generates the error, but you can also let the browser not to show that message by changing the browser settings.
Taking the Internet Explorer as an example, just go to “Tools” > “Internet Options” > “Security” > “Custom Level” and then enable the “Display Mixed Content” option.
- Implement SSL across the entire site. This can not only ensure much better security for the visitors, but also improve SEO rankings. If you have two copies of the content, remember to tell the search engine which one is authoritative. To do so:
- Point the link that contains “canonical” to “https” version and transfer the XML sitemap to the “https” version as well. In this way, the search engine like Google will index the SSL version of content.
- Redirect all of the “http” requests to the “https” version with a 301 redirect. Thus, your search engine page rank would be moved to the “https” version.
- Make sure the webmaster tools would refer to the “https” version and the robots.txt is also available over “https”.
Choose a Reliable SSL Certificate Authority? Try It!
Obviously, any minor improper deployment may raise an SSL error, and you are more likely to run into a knotty problem down the road. In this case, we recommend you to go with the following reliable SSL providers that have the highest level of service and support in the current market.