Chat With Us
We are here for you!
Talk to a fellow human.
Used by millions of web sites across the globe, SSL certificates provide security and confidentiality for internet users. But with so many deployments, errors can sometimes occur.
What is an SSL Connection Error?
SSL connection errors occur when your browser is unable to securely connect to a web site's server. Depending on the cause of the connection error, internet browsers will usually display a warning message, such as "This connection is untrusted," "The site's security certificate is not trusted," or "Your connection is not private."
The SSL certificate for this web site is not trusted.
An internet browser will tell you a web site is untrusted if its SSL certificate has not been signed by a trusted Certificate Authority. For a browser to accept a SSL certificate, it must be able to link it to a trusted root certificate, which are used to verify the legitimacy of web site certificates.
Most trusted root certificates are owned by an accredited Certificate Authority (CA). When a CA signs the SSL certificate of a web site, it links that web site's certificate to one of its trusted roots. For security reasons, most CA's do not sign end-entity/web site SSL certificates directly from the root but instead use an intermediate certificate to create a chain of trust with the root, so the root can sign an intermediate that can then sign individual SSL certificates.
Untrusted errors are usually caused by the following issues:
A self-signed SSL certificate is generated by the web site owner instead of a CA and is therefore not associated with any trusted root in the browser’s certificate store, giving the end user an “untrusted” error.
While self-signed SSL certificates are free and work well on intranet and development servers — where only internal personnel need to use them — self-signed certificates should never be deployed on commercial web sites.
Another potential reason for the 'Untrusted' error is because the web site administrator has not correctly installed all intermediate SSL certificates on their webserver.
When a visitor connects to your site, the webserver should present both the web site SSL certificate and any intermediate certificates to the visitor's browser, allowing it to check all certificates in the chain back to the root. While most certificate authorities will send a bundle that contains all required intermediates and end-entity/website SSL certificates, if the webserver admin doesn't install all intermediates, users will see a “certificate not trusted” message.
To avoid this problem, check out Sectigo’s complete set of installation instructions.
The “certificate name mismatch” error occurs when the domain listed on the SSL certificate does not match the domain that the browser is connecting to. For an HTTPS session to commence, the domain on the SSL certificate must exactly match the domain in the browser address bar.
There are a few reasons this error could occur:
For an HTTPS connection to be established, every item on the page must be served from secure sources — from images and videos to iframes and Java scripts.
If any of the embedded items are not secure, users can choose to either view the site in the unsecure HTTP format or view only those items that are secure — neither of which instills trust in your customers. While this is the most widespread SSL error, it’s very easy to fix.