Skip to main content

Beta What do you think of this service? Your feedback will help us to improve it.

  5. Common name mismatch

Author: Government Digital Service

Common name mismatch

What this means

A common name mismatch is an error where the domain name in the SSL/TLS certificate does not match the website address.

This security warning appears because the browser cannot verify that the website is who it claims to be, and it can be caused by issues like a certificate for the wrong domain, DNS changes, or shared hosting configurations. 

Why this is a problem

Since the certificate has an error or a mismatch for the website, modern browsers will not trust it and generate a mismatch error.

This can result in trust issues, as the names do not match and the website will be classed as insecure.

How to check if the problem is there

To check if a website is exposed to this, an administrator should check for:

  • the wrong certificate – the certificate might be issued for a different domain
  • recent DNS changes – the website’s DNS records might be recently changed but the certificate has not been updated yet
  • shared hosting – the server is hosting multiple websites on the same IP address, and the certificate on that shared IP does not cover all of them
  • subdomain issues – a wildcard certificate has been installed, but the website uses a subdomain that is not covered
  • server configuration – the hosting provider has settings that override the certificate installation

How to fix this

To resolve the common name mismatch error, an administrator should check that the website’s domain name exactly matches the “Common Name” (CN) on the SSL certificate.

Sign up to UK Government Security

Subscribe to our newsletters to receive notifications when changes to strategy, policy, standards, and guidance are published on the website.

Sign up now