CERT COMMON NAME INVALID doesn't mean what you think it does

Standards change, error codes don't

July 12, 2021
We're Expedited Security. We help SaaS applications prevent and recover from attack, overcome regulatory or integration security requirements, or just stop "weird" traffic before it becomes a problem.

So you're checking your HTTPS on your website and see:

an image

Hrm. There's only one piece of useful information here: ERR_CERT_COMMON_NAME_INVALID (there's some linked help but it doesn't contain anything for site owners). Seems like you need to fix the common name on your certificate. If you set up web sites in the early 2000s, you might even remember common names (also called CNs).

There's just one thing:

The error message is wrong - Chrome, like most web browsers, doesn't use Common Names.

The 'Common Name' field was used more than a decade ago, but has been phased out by browsers since 2001.

The real cause of the error is simple: the name of the site you're visiting isn't included on the certificate. For example, if you visited get.example.com and the certificate only contained example.com and www.example.com, you'd see this error.

You'll need to add an additional domain name to the domain names on the certificate. The field - the only field - that stores domain names on certificates these days is called 'Server Alternate Names', or SANs - so you might hear the process referred to as 'adding a new SAN' by people who like being specific.

The important bit is, getting a certificate with a new 'common name' won't fix the problem. Again, Chrome doesn't actually use the field anymore. Here's a certificate with no Common Name at all - it's fine.
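The check described above, as an added example (not code from Expedited Security or from Chrome): it matches a hostname against the subjectAltName entries only (the SANs described above) and reports when a matching Common Name is being ignored. It goes slightly beyond the text by also handling left-most-label wildcards; the certificate dicts are constructed samples in the shape returned by Python's `ssl.SSLSocket.getpeercert()`, and all function names are hypothetical.

```python
# Added example: SAN-only hostname matching, as the article describes browsers doing.
# Certificate dicts use the shape returned by Python's ssl.SSLSocket.getpeercert().

def san_dns_names(cert):
    """Return the dNSName entries from subjectAltName, lower-cased."""
    return [v.lower() for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]

def common_name(cert):
    """Return the subject commonName, or None. Used for reporting only."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def name_matches(pattern, host):
    """Match one SAN entry; '*' may only stand for the whole left-most label."""
    p_labels, h_labels = pattern.split("."), host.split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Refuse over-broad patterns such as '*.com'.
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def check_host(cert, host):
    """Return (ok, explanation) for visiting `host` with `cert`."""
    host = host.lower().rstrip(".")
    sans = san_dns_names(cert)
    if any(name_matches(s, host) for s in sans):
        return True, f"{host} is covered by the SAN list"
    cn = common_name(cert)
    hint = " (the Common Name matches, but it is ignored)" if cn and cn.lower() == host else ""
    return False, f"{host} is not in SANs {sans}{hint}"

# Constructed sample certificates, not taken from a real site.
CERT_TWO_NAMES = {
    "subject": ((("commonName", "get.example.com"),),),
    "subjectAltName": (("DNS", "example.com"), ("DNS", "www.example.com")),
}
CERT_NO_CN = {"subject": (), "subjectAltName": (("DNS", "get.example.com"),)}
CERT_WILDCARD = {"subject": (), "subjectAltName": (("DNS", "*.example.com"),)}

if __name__ == "__main__":
    for cert, host in [(CERT_TWO_NAMES, "get.example.com"), (CERT_NO_CN, "get.example.com"),
                       (CERT_WILDCARD, "get.example.com"), (CERT_WILDCARD, "example.com")]:
        print(check_host(cert, host))
```

To run it against a live certificate, a Python `ssl` context with `check_hostname = False` and `verify_mode = ssl.CERT_REQUIRED` still validates the chain, and `getpeercert()` on the resulting socket returns a dict in this shape.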

To add a name to the certificate, just Log In, click "Add/Remove domain names" and add the domain you'd like.


All our EV certificates come with 3 domains built in, after that there's a small charge per domain name. You can add as many as you like.

After you approve the change, you'll get a new certificate with the domain name added. You can simply overwrite your old certificate file with the new one.