Praxent

How to Fix an SSL Certificate Name Error

An SSL (Secure Sockets Layer) certificate name error can pose a potentially huge security risk, not to mention negatively impact your organic rankings. Unfortunately, the root cause of the error could be any number of issues. Here is our recommended process for identifying the problem and step-by-step instructions for implementing a solution.

Understanding SSL Certificates and HTTPS

An SSL certificate is a website’s proof of being a safe site. When first adopted in the 1990s, these certificates were primarily issued for those pages of a website that require end-users to input sensitive information. Websites employed SSL certificates for login pages, payment pages, or other online forms; however, many neglected to implement the same security for the rest of the pages on the site.

In 2014, a vulnerability was discovered in OpenSSL, a popular toolkit used for implementing SSL. Dubbed the Heartbleed Bug, this vulnerability left user-entered information insecure, even on SSL-certified pages. User information had been thought to be protected by the SSL certificate on login forms, payment pages, and the like; in fact, it was vulnerable once the page redirected to a non-secure section of the site.

Though user-entered data is technically secure on login forms or payment pages that are SSL certified, the Heartbleed Bug means that security is compromised as soon as users enter the site beyond the login form or click through to another page on the site.

In April 2014, major security providers like Cloudflare released a patch for OpenSSL that fixed this vulnerability. However, as a result of the Heartbleed discovery, search engines intensified their stance against websites that are not SSL certified or send users to non-secure sites. These sites are penalized in search results and produce warning pop-up messages to visitors upon navigating to the site.

You can recognize an SSL-certified, secure web page by the “https” at the beginning of its URL rather than “http.”

How to Fix an SSL Certificate Name Error in Pantheon and Cloudflare

Here are some examples of an SSL Certificate Name Error message:

  • CHROME: “Subject Alternative Name Missing,” or “NET::ERR_CERT_COMMON_NAME_INVALID,” or “Your connection is not private.”
  • FIREFOX: “www.example.com uses an invalid security certificate,” or “The certificate is only valid for the following names: www.otherdomain.com , otherdomain.com.”
  • INTERNET EXPLORER: “The security certificate presented by this website was issued for a different website’s address.”
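
What these messages report is that the name in the address bar is not covered by any DNS name in the certificate's Subject Alternative Name list. The following is an added example, not code from the original article: it applies the usual matching rules, including the one-level limit on wildcards, and fetch_dns_names shows one way to read the names from a live server. All host names in it are constructed.

```python
import socket
import ssl

def name_matches(hostname: str, cert_name: str) -> bool:
    """True if one DNS name from the certificate covers hostname."""
    host = hostname.lower().rstrip(".").split(".")
    name = cert_name.lower().rstrip(".").split(".")
    if len(host) != len(name):
        return False  # a wildcard stands for exactly one label
    if name[0] == "*":
        # Wildcard must be the whole left-most label, with at least two
        # labels after it, so "*.com" never matches anything.
        return len(name) >= 3 and host[1:] == name[1:]
    return host == name

def check_certificate(hostname: str, dns_names: list) -> tuple:
    """Return (ok, message) for hostname against the certificate's DNS names."""
    for name in dns_names:
        if name_matches(hostname, name):
            return True, f"{hostname} is covered by {name}"
    return False, (f"{hostname} is not covered; certificate is only valid "
                   f"for: {', '.join(dns_names)}")

def fetch_dns_names(host: str, port: int = 443, timeout: float = 5.0) -> list:
    """Read the DNS subjectAltName entries a live server presents.

    Chain validation stays on; only the hostname check is switched off so
    a mismatching certificate can be inspected instead of aborting.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]

if __name__ == "__main__":
    # Constructed names, taken from the Firefox message quoted above.
    cert_names = ["www.otherdomain.com", "otherdomain.com"]
    for host in ("www.example.com", "otherdomain.com"):
        print(check_certificate(host, cert_names)[1])
    # A wildcard covers one level only: not the apex, not deeper names.
    for host in ("example.com", "www.example.com", "a.b.example.com"):
        print(host, name_matches(host, "*.example.com"))
```

A certificate issued only for www.example.com does not cover example.com, which is why both the root domain and the www version need to be on the certificate.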

We’ve identified seven potential issues that could be causing a domain name mismatch. As you work through a solution, be aware that more than one of these issues could be working together to cause the problem.


1. A significant number of links on your site pointing to a non-secure version of your website.

If you are redirecting visitors to a non-secure version of your website — in other words, a page that is not SSL certified — the first question to ask is, “Why?”

In some cases, users are directed to non-secure pages within a website because only select pages of the site have an SSL certificate. As mentioned earlier, it used to be common for websites to only secure pages where users had to enter sensitive information. But since the Heartbleed Bug, it is now commonly understood that any trustworthy web page will be an HTTPS page.

So, if you’re simply lagging behind the times, you can solve this name error by obtaining an SSL certificate for your whole website. You can apply through your CDN company or whoever hosts your site.

If your whole site has HTTPS status but you are still getting this error, it’s time to dig into those links and find out what’s causing the mismatch.

When you originally built your website, the version you started with was non-secure. After obtaining an SSL certificate, the whole site should automatically redirect to your secure site. However, it’s possible that you may have placed internal links throughout your site that are directing visitors to the previous, non-secure, root versions of those pages.

We’ve seen this happen when site owners migrate their websites from one host to another, say from WP Engine to Pantheon. In that situation, Pantheon migrates any internal links using the dev site URL (which looks something like “dev.pantheon.io”). This is a precautionary measure that allows you to make corrections or fix any errors before going fully live.

The catch is that you have to remember to update those links once you’re ready to go live.

SSL Certificate Name Error / How to Update Non-Secure Links in Cloudflare:

  1. Log in to Cloudflare and navigate to “Crypto” from the main menu. This is where you’ll find the SSL settings for your website.
  2. Scroll down to “Automatic HTTPS Rewrites” and toggle the setting to “on.” This setting will change “http” to “https” for all resources or links that have an HTTPS version available.

2. Missing an automatic redirect to the HTTPS version

Because of Google’s latest measures to protect users from non-secure websites, when a visitor navigates to a non-secure web page they receive one of two warnings. In some situations, the page will stop loading entirely and the browser will present a message offering the visitor a chance to go back to their search results. In other situations, a little, grey image of an eye will appear at the top of the browser next to the URL. Clicking on this image brings up a message explaining that the site may pose a potential security risk.

When the secure version of your site goes live with an SSL certificate, most website hosts will automatically redirect the original, non-secure, HTTP version of your site to the newly secured, HTTPS version.

If you are getting an SSL Certificate Name Error, however, it’s possible that somehow visitors are accessing your original HTTP site, rather than being automatically redirected to the secure version.

How to Set Up an HTTPS Automatic Redirect in Cloudflare:

  1. Log in to Cloudflare and navigate to “Crypto” from the main menu. This is where you’ll find the SSL settings for your website.
  2. Scroll down to “Always Use HTTPS” and toggle the setting to “on.” This setting will ensure that visitors are always directed to the secure version of your site, even if they somehow try to navigate to the HTTP version.

3. Using older, vulnerable versions of OpenSSL instead of Fixed OpenSSL

After the Heartbleed Bug was discovered, security providers updated OpenSSL to fix the bug. This updated version was released on April 7, 2014. Now, any version that is OpenSSL 1.0.1g or later is Fixed OpenSSL, meaning that it is not vulnerable to the Heartbleed Bug.

To correct the Heartbleed Bug vulnerability for websites using SSL certificates, the server owner must install Fixed OpenSSL. Major hosting companies such as Cloudflare, BlackMesh, Heroku, and the like have already done so. But if you own and manage your own server, this is a step you’ll have to take yourself.

As an extra precaution, servers that used prior, vulnerable versions of OpenSSL should also reissue new private keys and SSL certificates to sites on the server.


4. A mismatch between the SSL certificate common name (domain name) and the domain name registered on Cloudflare

If your website uses Cloudflare to handle encryption and distribution, you’ll have to make sure all domains and subdomains are registered in the system. This includes both your root domain and www version of your domain. If you forget to register these in Cloudflare, they will miss out on the encryption and other security measures executed by Cloudflare. Search engines will likely red-flag these domains or subdomains, as a result.

How to Properly Register Domains and Subdomains on Cloudflare:

  1. Log in to your domain registration account and navigate to your DNS records. To find these on Pantheon, select the “Live” tab, then navigate to “Domains / HTTPS.” From the list titled “Domains on the Live Environment,” click each domain or subdomain to view the corresponding DNS records.
  2. Log in to Cloudflare and navigate to DNS Records.
  3. Compare the DNS records in your domain registrar with what you have registered in Cloudflare.
  4. If you have DNS records in your domain registrar that are not listed in Cloudflare, register those missing records on Cloudflare.
  5. Check for any discrepancies in the fields for A, CNAME, and MX records. Make sure the spelling and information listed for each record on your domain registrar is exactly replicated in the corresponding record on Cloudflare.
  6. Be sure to make your changes within Cloudflare to match what’s listed in the registrar, not the other way around.
  7. If you’re using Pantheon, you can easily register a CNAME record in Cloudflare starting from the “Domains / HTTPS” section of your Pantheon dashboard.

To do this, click on the subdomain to view its corresponding DNS records. Scroll down to CNAME and copy the corresponding link under “Required Values.”

On the DNS Records page in Cloudflare, fill out the fields for adding a new record at the top of the page. Select CNAME and enter a name for the record. In the “Domain” field, paste the live link you copied from Pantheon. Then click “Add Record.”


5. Your site is “gray clouded” on Cloudflare

If your sub-domain is registered on Cloudflare, it will have an orange cloud in the listing on your Cloudflare dashboard. Any A or CNAME subdomain record should be registered and marked by orange-cloud status on Cloudflare.

If the sub-domain for one of your website’s pages is showing a gray cloud on Cloudflare, simply change this by toggling the cloud to orange.

For web pages to which you are not sending web traffic, the status on Cloudflare should be a gray cloud. This includes domain records such as mail, ftp, or ssh.
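
The comparison described in items 4 and 5 can be scripted once both record lists are exported. The following is an added example, not part of the original article: it reports records missing from Cloudflare, records whose values differ from the registrar, and records whose cloud status contradicts the rule above. The record layout, the "proxied" flag standing for the orange cloud, and every name and address are assumptions made for the example.

```python
NON_WEB_LABELS = {"mail", "ftp", "ssh"}  # the article keeps these gray-clouded

def _norm(text):
    return text.strip().lower().rstrip(".")  # DNS names compare case-insensitively

def _index(records):
    index = {}
    for rec in records:
        key = (rec["type"].upper(), _norm(rec["name"]))
        index.setdefault(key, set()).add(_norm(rec["value"]))
    return index

def compare_zones(registrar, cloudflare):
    """Return findings for records missing, mismatched or wrongly proxied."""
    findings = []
    reg, cf = _index(registrar), _index(cloudflare)
    for key in sorted(reg):
        rtype, name = key
        if key not in cf:
            findings.append(f"MISSING {rtype} {name}: add it in Cloudflare")
        elif reg[key] != cf[key]:
            findings.append(f"MISMATCH {rtype} {name}: registrar={sorted(reg[key])} "
                            f"cloudflare={sorted(cf[key])}")
    for rec in cloudflare:
        rtype, name = rec["type"].upper(), _norm(rec["name"])
        if rtype not in ("A", "CNAME"):
            continue  # the orange-cloud rule above is about A and CNAME records
        non_web = name.split(".")[0] in NON_WEB_LABELS
        if non_web and rec["proxied"]:
            findings.append(f"PROXY {rtype} {name}: should be gray-clouded")
        elif not non_web and not rec["proxied"]:
            findings.append(f"PROXY {rtype} {name}: web record is gray-clouded")
    return findings

# Constructed records; names, addresses and the dict layout are placeholders.
REGISTRAR = [
    {"type": "A", "name": "example.com", "value": "203.0.113.10"},
    {"type": "CNAME", "name": "www.example.com", "value": "live.origin.example.net."},
    {"type": "CNAME", "name": "shop.example.com", "value": "live.origin.example.net."},
    {"type": "A", "name": "mail.example.com", "value": "203.0.113.25"},
    {"type": "MX", "name": "example.com", "value": "mail.example.com"},
]
CLOUDFLARE = [
    {"type": "A", "name": "Example.com", "value": "203.0.113.10", "proxied": True},
    {"type": "CNAME", "name": "www.example.com", "value": "dev.origin.example.net", "proxied": False},
    {"type": "A", "name": "mail.example.com", "value": "203.0.113.25", "proxied": True},
    {"type": "MX", "name": "example.com", "value": "mail.example.com", "proxied": False},
]

if __name__ == "__main__":
    print(*compare_zones(REGISTRAR, CLOUDFLARE), sep="\n")
```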


6. Do you have a significant number of non-secure URLs on your site?

If you did not turn on Automatic HTTPS Rewrites as described earlier, any internal links pointing to http URLs may be considered suspicious. If those links were not intentional and were not added manually, the typical cause is the deployment process. When deploying your site or migrating to Pantheon, you start by moving everything to the test environment in Pantheon. This allows you to make sure your website is error-free before going live.

Once you’re ready to go live, you have to clone the newly migrated site from the test environment, replicating it in a live format. On the test version of your site, all internal links navigate strictly within the test version of the site. If your test environment is not secure, any internal links that remain in the live version from the test version are red-flagged by search engines. Luckily, you can quickly and easily avoid that situation.

How to Convert Non-Secure URLs in Pantheon:

  1. Log in to Pantheon.
  2. Select your website.
  3. Navigate to “Live” from the top menu.
  4. Navigate to “Database / Files,” then “Clone.” This is where you replicate the test version of your site and make it live.
  5. Scroll down to “Convert URLs in the Database.”
  6. In the “From” field, select the test version of your links. These begin with “dev.”
  7. In the “To” field, select the live version. These begin with “live.”
  8. Scroll down to “Convert URL’s Protocol to,” and select “https.” Any other options here would direct traffic to the non-secure version of your site, resulting in red flags on search engines.

7. Users are required to input a password on an HTTP page

Solve this problem by automatically redirecting all HTTP pages to the secure, HTTPS version of your site. If you’re not sure how to do that, see item 2 above, “Missing an automatic redirect to the HTTPS version.”
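
To find the leftover links that items 1, 6 and 7 describe before search engines do, the rendered HTML of each page can be scanned. The following is an added example, not code from the original article: it flags absolute URLs that point at a staging host, http links back to the live site, and forms that submit over http. The host names and the sample page are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_ATTRS = {"href", "src", "action"}

class LinkAudit(HTMLParser):
    """Collect absolute URLs that bypass HTTPS or point at a staging host."""
    def __init__(self, live_hosts, staging_hosts):
        super().__init__()
        self.live_hosts = {h.lower() for h in live_hosts}
        self.staging_hosts = {h.lower() for h in staging_hosts}
        self.findings = []  # (line, tag, url, reason)

    def handle_starttag(self, tag, attrs):
        for attr, value in attrs:
            if attr not in URL_ATTRS or not value:
                continue
            try:
                url = urlsplit(value)
            except ValueError:
                continue  # malformed URL, e.g. an unclosed IPv6 bracket
            host = (url.hostname or "").lower()  # empty for relative URLs
            if host in self.staging_hosts:
                reason = "staging host"
            elif url.scheme == "http" and tag == "form":
                reason = "form submits over http"
            elif url.scheme == "http" and host in self.live_hosts:
                reason = "http link to live site"
            else:
                continue  # https, relative, protocol-relative or external
            self.findings.append((self.getpos()[0], tag, value, reason))

def audit_html(html, live_hosts, staging_hosts):
    parser = LinkAudit(live_hosts, staging_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page; every host name is a placeholder.
SAMPLE = """\
<a href="https://www.example.com/pricing">Pricing</a>
<a href="http://www.example.com/contact">Contact</a>
<img src="http://dev.example.com/logo.png">
<form action="http://www.example.com/login" method="post"></form>
<a href="/about">About</a>
"""

if __name__ == "__main__":
    print(*audit_html(SAMPLE, ["www.example.com"], ["dev.example.com"]), sep="\n")
```

Each finding carries the line number of the tag, so the offending template or database row can be traced and corrected at the source.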
