CERT COMMON NAME INVALID doesn't mean what you think it does

Standards change, error codes don't

By Mike on 9th Feb 2018

So you're checking your HTTPS on your website and see:

Hrm. There's only one piece of useful information here: ERR_CERT_COMMON_NAME_INVALID (there's some linked help but it doesn't contain anything for site owners). Seems like you need to fix the common name on your certificate. If you set up web sites in the early 2000s, you might even remember common names (also called CNs).

There's just one thing:

The error message is wrong - Chrome, like most web browsers, doesn't use Common Names.

The 'Common Name' field was used more than a decade ago, but has been phased out by browsers since 2001.

The real cause of the error is simple: the name of the site you're visiting isn't included on the certificate. For example, if you visited get.example.com and the certificate only contained example.com and www.example.com, you'd see this error.

You'll need to add an additional domain names to the domain names on the certificate. The field - the only field - that stores domain names on certificates these days is called 'Server Alternate Names', or SANs - so you might hear the process referred to as 'adding a new SAN' by people who like being specific.

The important bit is, getting a certificate with a new 'common name' won't fix the problem. Again, Chrome doesn't actually use the field anymore. Here's a certificate with no Common Name at all - it's fine.

To add a name to the certificate, just Log In, click "Add/Remove domain names" and add the domain you'd like.

All our EV certificates come with 3 domains built in, after that there's a small charge per domain name. You can add as many as you like.

After you approve the change, you'll get a new certificate with the domain name added. You can simply overwrite your old certificate file with the new one.

Mike MacCana, founder at CertSimple.

CertSimple makes EV HTTPS fast and painless.

An EV HTTPS certificate verifies the company behind your website. But getting verified is a slow painful process. CertSimple provides EV HTTPS certificates 40x faster than other vendors. We check your company registration, network details, physical address and flag common errors before you pay us, provide verification steps specific for your company, update in realtime during the process, and even check your infrastructure to help you set up HTTPS securely.
Verify your site now!