Brief Account on SSL Certificate Technical Errors

1 Star2 Stars3 Stars4 Stars5 Stars (4 votes, average: 4.50 out of 5)
Loading...

If a user has a website/software/application that they intend to secure by using strong encryption standards or digital signature, then he/she must install an SSL (Secure Socket Layer) certificate or a Code Signing certificate.

By using an SSL certificate, one can increase their users’ and customer’s trust in order to enhance the business’ growth rapidly. By protecting against cyber attacks, these certificates help to secure online e-commerce transactions and customers’ sensitive information (like credit-card/debit-card data). An application or a software that is secured with a Code Signing certificate tends to get the maximum number of downloads and good reviews from users.

The process of installing a SSL certificate can sometimes lead to few errors that can disrupt its proper functioning, especially if the certificate is used by a person who doesn’t have much experience in handling an SSL certificate. And you might be wondering how to get rid of certificate error. Well, we carried out a little research on SSL errors and listed solutions based on our SSL experts’ comments to resolve these errors. The list is as follows:

List of SSL Certificate Technical Errors (SSL Connection Error)

SSL Error 1. ‘This SSL certificate is untrusted’

If you visit a website and your browser gives out a warning, “This site’s security certificate is not trusted”, then it indicates that the certificate in question is either not signed by a trusted root certificate or that the browser is not able to link that certificate with the trusted root certificate.

If the certificate is indeed signed by a trusted certificate authority (CA) then such warning indicates the possibility that one of the intermediate/chain certificates is not installed on the web server in between the primary and root certificate. To check the ‘Certification Path’ in internet explorer, open ‘Certificate Details’ and click on the ‘Certification Path’ tab. You must contact your certificate authority if you have any problem in installing intermediate/chain certificate.

SSL Certificate Path

 

SSL Error 2: The SSL certificate not issued by a trusted certificate authority

SSL Certificate is Not Trusted

When you see an error on your browser that reads “The certificate is not issued by a trusted certificate authority”, then it means that your browser cannot trust the certificate as it is not approved or signed by a trusted certificate authority. Here are few reasons that cause this error.

  • The website is using self-signed certificate: Self-signed certificate can be created for free but it does not provide as much trust as a trusted certificate. Your option is to either instruct your browser to trust that certificate or go with the best solution for purchasing and installing an SSL certificate from a trusted certificate authority.
  • The website is using a free SSL certificate: Such free certificates can be easily issued from few of the trusted certificate authorities. However, to avoid this error its Root certificate must be manually imported to each browser.
  • The website is using trusted SSL certificate but intermediate/chain certificate is missing or not installed properly: To link your certificate to the trusted source, most trusted certificates need you to install at least one other intermediate/ chain certificate on the server.

The last case listed on the list is very common. For example, in Figure 3 below, if the website owner has installed an SSL certificate without installing “GeoTrust Extended Validation SSL CA” certificate then the browser will give the error message as “The certificate is not trusted”.

SSL certificate viewer

Few browsers choose to show this error whereas there are few browsers that ignore this error. For example, Internet Explorer which automatically downloads intermediate/chain certificates on visiting the website for the first time whereas Mozilla Firefox/Google Chrome doesn’t download any certificate on its own.

So, once a trusted SSL certificate is properly installed, the browser will link up with the intermediate certificate and it will never show the error message “The certificate is not trusted”. An easy way to verify proper installation of SSL certificate is to check SSL certificate installation using free SSL Checker tool.

The error message of ‘Certificate not trusted’ will differ on each browser. Few examples are listed below:

Web browserSSL certificate error message
IE 6“The security certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certifying authority.”
IE 7“The security certificate presented by this website was not issued by a trusted certificate authority.”
Firefox 2“Unable to verify the identity of www.*******.com as a trusted site.”
Possible reasons for this error:

  • Your browser does not recognize the Certificate Authority that issued the site’s certificate.
  • The site’s certificate is incomplete due to a server misconfiguration.
Firefox 3“The certificate is not trusted because it is self-signed.”
“The certificate is not trusted because the issuer certificate is unknown. (Error code: sec_error_unknown_issuer)”
Safari 3“Authentication failed because the server certificate is not trusted.”
Google Chrome“The site’s security certificate is not trusted!”

 

SSL Error 3: ‘SSL certificate name mismatch’ error

Sometime your browser may flash an error message such as: “The security certificate presented by this website was issued for a different website’s address.” This type of error is called an ‘SSL certificate name mismatch’ error.

SSL certificate ‘Name mismatch’ error

A browser shows such message when the domain name (common name) of SSL certificate doesn’t match with the address that is entered in the address bar. This is illustrated above in Figure 4. In this, the SSL certificate was ordered for www.paypal.com and on entering just ‘paypal.com’ in the address bar, the browser instigated this type of error message for the visitors. If you are not the website administrator and if you want to get rid of this error then you must open the website with www or you need to ask the website administrator to fix the problem.

If you are the website administrator then to get rid of Name Miss Match Error you need to forward all your traffic from without “www” to with www address and you must have to install SSL certificate with “www” address.

However, the simplest solution to get rid of this error is, by purchasing an SSL certificate with SAN (Subject Name Alternative) support from a trusted certificate authority. Such SAN-supported SSL certificate will easily allow you to install SSL certificate for both, web-addresses with ‘www’ and the ones without ‘www’.

One more reason for this error to pop-up is accessing the server using internal name while the SSL certificate on that server has the public name on it. And to solve this error in this situation, you need to buy and install Unified Communication (UC) SSL that has an external public name and internal server name in the SSL certificate.

After installing the SSL certificate you can verify the certificate using our free SSL Checker tool.

Mismatch error messages may vary on different browsers

Web browserSSL certificate error message
Internet Explorer 6“The name on the security certificate is invalid or does not match the name of the site”
Internet Explorer 7“The security certificate presented by this website was issued for a different website’s address.”
Firefox 2“You have attempted to establish a connection with “http://www.mydomain.com”. However, the security certificate presented belongs to “http://mydomain (non-www).com. It is possible, though unlikely, that someone may be trying to intercept your communication with this website.
Please cancel the connection and notify the site-admin, if you suspect that the certificate shown does not belong to “www. mydomain.com”
Firefox 3“www.mydomain.com uses an invalid security certificate. The certificate is only valid for mydomain.com”.
Safari 3“This certificate is not valid (host name mismatch)”

 

SSL Error 4: This page contains both secure and nonsecure items.

Page contains secure and non-secure Items

Generally, you would see this type of error message when some of the elements of a secure webpage (the page that is open on your browser with https://) are not loaded by secure sources. This error mostly occurs with Frames, Java-Scripts & Images.

Here’s how to get rid of this certificate error:

    1. Change all URLs to https.
    2. Change all links to // or make them relative
    3. Change the browser setting.

 

Solution 1: Change all URLs to https

Open that webpage source and search for HTTP:// and replace it with https:// for all images, Frames, Java-Scripts. For example

img src=”http://www.domain.com/image.gif” alt=”” Will be replaced with, img src=”https://www.domain.com/image.gif” alt=””

It won’t work if a website does not have any SSL certificate setup and if you open image/file with https.

 

Solution 2: Change all links to // or make them relative

If you don’t want to change all links with https:// then another way is to replace them with just ‘//’.

img src=”http://www.domain.com/image.gif” alt=”” will be replaced with, img src=”//www.domain.com/image.gif” alt=””

Or you just need to access them relatively.

img src=”http://www.domain.com/image.gif” alt=”” will be replaced with, img src=”image.gif” alt=””

This method will tell your browser that it must have to load image/script/frame securely without any error if the webpage is being accessed securely, but if the webpage is not being accessed securely then the browser will load Image/script/frame normally.

 

Solution 3: Change the browser settings

If you are the website administrator then you can change the code to get rid of this error but if you are not the website administrator then the only way to remove this error is change the browser settings.

Perform following steps for Internet Explorer:

  1. Go to Tools then Internet Options.
  2. Here, select the Security Tab.
  3. Click on Custom Level button.
  4. Scroll till you find Display Mixed Content option and then select Enable and press OK.
  5. Now you will see Security Warning popup on your screen, then press Yes.

SSL Error 5: Invalid Server Certificate Error

The error Invalid Server Certificate says Google chrome is not able to find a valid server certificate to start the secured communication. To start an encrypted session the server certificate must a valid and issued by a trusted SSL Certificate authority.

Chrome will display the following Error in the browser.

invalid server certificate error chrome

How to Fix Invalid Server Certificate Error

Perform following operations to fix Invalid server certificate error.

  • Check whether the website is blocked in Firewall or by Anti-virus definition. If it’s blocked, you will face the invalid certificate error. Immediately unblock the website from Firefox or from Anti-virus definition.
  • Clear browsing history and Cookies
  • Check for current system time zone, if it does not match with the current time zone, you must reset it.
  • Check for SSL certificate installation using SSL checker tool, if the SSL not installed properly, install it again with the help of following SSL installation guides.
  • If the website is secured with self-signed CA or the CA is not identified by Google Chrome, it will display the Invalid Server Certificate Error. Make sure to secure your website with genuine and trusted SSL Certificate Authorities.

 

Related Posts

Troubleshoot ‘Secure Connection Failed’ Error in Firefox
Welcome to CheapSSLSecurity Blog
This entry was posted in SSLSecurity by Mit Gajjar. Bookmark the permalink.

About Mit Gajjar

I have been working as SSL security expert for 6 years and i have assisted to plenty of users to solve their technical issues while installation of SSL certificates on their web servers. It’s really great experience working with Platinum Partner Company CheapSSLSecurity to offer the most reliable SSL certificate security solution on the internet. Being Platinum Partner Company of Symantec, GeoTrust Thawte, Comodo, and RapidSSL, CheapSSLSecurity offers the cheapest SSL certificates security on the internet which starts at just only $3.20/yr.