Shulou(Shulou.com)06/01 Report--

What are the ways to deal with the mismatch between ssl certificate and domain name? Many people do not understand, today the editor in order to let you know more about the ssl certificate, so give you a summary of the following content, let's look down together. I'm sure you'll get something.

The solution to the error of mismatch between ssl certificate and domain name

After the SSL certificate is deployed on the website, it is usually reminded that the ssl certificate does not match the domain name for several reasons, such as the compatibility mode of the certificate, the allocation of the certificate, the expiration of the certificate, and so on. Here is a summary of common SSL certificate errors and solutions.

Error 1: "unable to authenticate this certificate to a trusted certificate granting organization" or similar "the security certificate is granted by an enterprise you have not chosen to trust" and so on.

Solution: the reason will be that the certificate is not in the trusted directory of the computer browser, and people can install the certificate in the "trusted directory" of the computer browser. The actual process is: select the → content tab → Certificate-→ Import in the computer browser. If the granting organization cannot be trusted, it is highly recommended to buy SSL certificates verified around the world, such as the OKCERT brand SSL certificate compatibility model is very good.

Error 2: "the domain name registration of the security certificate shown in this URL is not consistent with the address of the website"

Solution: the domain name registration matched by a certificate is unique. When you encounter the domain name registration on the certificate shown by the URL is different from the domain name registration on the URL itself, the system software reports that the domain name registration in the certificate is not matched. If there is a multi-site name with the same main domain name registration, you must apply for a multi-domain SSL certificate.

Error 3: "the certificate I saw when browsing the web site is the one I installed."

Solution: when you encounter this kind of problem, people can check whether only one certificate is installed on the same IP and its port number of the network server. The SSL agreement only allows one certificate to be returned on an IP port number. This problem can be handled according to the assignment of different server ports or different ip addresses.

Error 4: "URL certificate has expired or has not yet taken effect"

Solution: you can check the reasonable start and end date of the certificate information as marked in the red box in the picture, confirm whether the certificate is within the validity period, and if you need to check whether the time on the computer is appropriate, if there is no valid period, contact the certificate granting manufacturer as soon as possible.

What are the reasons why the ssl certificate is invalid?

1. The SSL certificate of the website is no longer within the validity period.

The certificate should be checked first to see if it has expired. The publication time of the SSL certificate cannot exceed 39. 6 months. Therefore, the general SSL certificate is only valid for one to two years. The system administrator should often check whether the certificate has expired. If it has already expired, please renew the certificate immediately or buy the certificate again. If you apply for the SSLca certificate in Jinwang Technology, then don't worry, customer service has just started to prompt and help you renew your subscription in the first three or six months.

2. The time of computer software is incorrect.

If your computer time setting is incorrect, it will also cause the reminder certificate to be useless or expired. Please check that the system time is accurate. If the system time is not within the initial deadline of the ssl certificate, it will cause the computer browser to remind the ssl certificate that the certificate expires or is not valid.

3. The certificate of the external connection URL has expired.

If the first two ways are difficult to solve, check whether the certificate of the external connection URL is expired. The name of the site quotes other chains that have deployed https security certificates. If the certificate of the chain expires in addition, it will remind you that it is relatively incorrect. The intelligent terminal that can check the certificate error in the external chain is Apple browser and IE6 on PC (no reminder around IE6).

4. Insecure http resources are loaded in the URL, or the certificate is not properly installed.

The http resource is enabled in the https web page, and the computer browser with the IE core version number will remind the web page of the element of insecurity. (Firefox and Google are also their own safety tips)

5. Apply self-signed SSL certificate.

The self-signed SSL certificate is a certificate granted by yourself or the organization itself. They have great security risks, are more vulnerable to attacks, and are less likely to be trusted by computer browsers.

6. the application of certificates with poor practicability.

Similarly, the impractical SSL certificate approved by small and medium-sized service providers is not trusted by computer browsers. Because the top layer of the certificate trust chain is the CA institution, this small service provider lacks the credibility of the CA institution and will not be trusted by computer browsers. Therefore, it is proposed to select the CA institutions that have the ability to work on the electronic certification service project of the League of Nations according to the verification of the League of Nations Webtrust specification.

7. The SSL certificate does not match the domain name mailbox.

One of the necessary authentication procedures for applying for a SSL certificate is to verify the domain name registration, and the SSL certificate will be granted only after the domain name registration has been verified. Therefore, the SSL certificate corresponds to the domain name mailbox one by one, and the certificate of the A URL cannot be used for the B URL, otherwise the computer browser will remind you that the SSL certificate is useless.

These are the details of how to deal with the mismatch between the ssl certificate and the domain name. Have you learned anything after reading it? If you want to know more, welcome to the industry information!

SSL certificate securely encrypts the website, which can effectively prevent hijacking, prevent your website from being maliciously implanted with advertisements, prevent tampering and monitoring from leaking users' passwords, and optimize the SEO ranking of search engines with SSL certificates.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.