If you are seeing an error in Google Chrome for ‘net::err_cert_common_name_invalid’, then you are experiencing an SSL certificate problem.
SSL certificates are an important part of cybersecurity. Every domain name will have an SSL or Secure Sockets Layer certificate that acts to authenticate the website. The website information is encrypted or scrambled into an unreadable format. SSL technology combined with the property decryption key is combined to unscramble the data. All SSL certificates have the following:
- Certificate’s expiration date
- Certificate’s serial number
- Certificate holder’s name
- Certificate holder’s public key
- Certificate-issuing authority’s digital signature
Anytime you access a website, look at the address bar. Any domain name with a padlock and HTTPS protocol is protected using an SSL certificate. HTTP (Hypertext Transfer Protocol) becomes HTTPS, with the S standing for Secure. When entering your credit card information or login information, you want to be sure that you are using a website with an SSL certificate. Checking that the padlock is there is a good habit when logging into social media sites. Sometimes you can accidentally end up on a false website, fronting a popular social media site like Facebook or Twitter. This website will have a different address and is less likely to have the HTTPS protocol and padlock.
What causes the ‘net::err_cert_common_name_invalid’ Google Chrome error?
The error ‘net::err_cert_common_name_invalid’ is essentially stating that the common name normally called the domain name, is invalid for that SSL certificate. For some unknown reason, the SSL certificate information does not match the domain name where it is installed.
This error may be triggered by a backend problem, but sometimes a user’s browser or antivirus could be interfering with the connection. This means the causes of this error can be broken into two major groups:
1. Admin error
If you are a website administrator or developer, you will want to determine what is causing this SSL certificate error in Google Chrome, and immediately remedy it. Google Chrome alerts any visitor that connection to your website is not private. This page allows visitors to continue onto your website, but the warning symbols are likely to scare away many users. Visitors can click ‘Back to safety’ and never even visit your site. This error could seriously limit traffic to your site.
Potential causes that an administrator is responsible for fixing:
- Website switched to HTTPS before installing SSL certificate
- SSL certificate needs to account for address variations, especially www variations
- Invalid SSL certificate that browser recognizes as unsecured
2. User-side issue
As a user, you may not be able to fix this problem if the issue originates in the SSL certificate validation and connection. But oftentimes, this error can be triggered by a variety of settings on the user’s side. If you see the warning that the website you are trying to reach is not private, you should be wary. If you are certain the website is legitimate, you can proceed on, but exercise caution when entering any personal information on the site.
Potential causes that a user can fix:
- Corrupt browser cache
- Interference from a browser extension
- Antivirus software preventing SSL connection
- Misconfigured proxy settings
Proven methods to fix the ‘net::err_cert_common_name_invalid’ Google Chrome error
As above, the solutions to the ‘net::err_cert_common_name_invalid’ error in Google Chrome are going to be broken down into two groups: admin and user.
1. Check Your SSL Certificate
- Open Google Chrome and enter your website’s URL address into the address bar. Press Enter to attempt to reach your website.
- When the website has the ‘net::err_cert_common_name_invalid’ error, Not Secure and a caution symbol will be displayed first in the address bar. Click on this warning.
- A menu will drop down, find and click on Certificate (Invalid).
- A window will open that displays further details of the SSL certificate for your site.
- Check that the domain name listed matches the domain name in the address bar. If not, you will need to remove this bad certificate and install a new one.
Additionally, If you are using a Wildcard SSL certificate, your SSL certificate may not be set up to cover the subdomain you are accessing. For example, you may have different subdomains set up like front_page.site.com and about_page.site.com. But if your certificate was not properly configured to recognize both of these subdomains, this error may be thrown. All subdomains that you want to use need to be listed for encryption.
Many web hosting companies now provide SSL certificates as part of your hosting package. If you haven’t purchased your own SSL certificate, you may need to reach out to your web host to confirm that any SSL included is installed properly.
2. Check for Self-Signed SSL Certificate
You may be tempted to use a self-signed SSL certificate. It’s free, and all the costs associated with hosting and upkeep of a website can seem to grow endlessly. But SSL certificates need to be recognized by a Certificate Authority (CA). It’s strongly suggested to purchase an SSL certificate from a reputable Certificate Authority, such as:
IdenTrust is the number one choice, with 51% of the market share for digital certificates. To check that your certificate is not self-signed, follow the same steps as solution one. After step 5, the only extra step is:
- Look at the detailed window for your SSL certificate. Facebook’s certificate is shown below as an example:
- Check that your SSL certificate is distributed by a reputable Certificate Authority (CA). Google Chrome and other browsers may automatically mark your website as Not Secure, with a self-signed certificate. You can see that Facebook uses DigiCert.
- If your SSL certificate is self-signed, visit any of the Certificate Authority (CA) companies listed above to purchase and install a proper certificate.
1. Check for Browser Extension Conflicts
Browser extensions can be a great way to customize your browser and improve its functionality. Depending on your interests, shopping, organizational, work-related, there is sure to be a browser extension to help you out. Browser extensions are simply small pieces of software that can edit your browser to perform any number of features. Unfortunately, browser extensions can have unintended consequences. To check that your browser extensions aren’t causing conflicts with your browser:
- Open Google Chrome. Click on the three ellipses in the right-hand corner. Select New incognito window.
- With the incognito window open, all browser extensions are disabled. Now enter the URL of the website you are trying to access in the address bar. Click Enter.
- If the error does not appear, then one of your browser extensions is impeding your browser from authenticating that site’s SSL certificate. You can uninstall your extensions one at a time until the problem extension is identified, or choose to uninstall all of them.
2. Temporarily Disable Antivirus Software
Antivirus software is a very important component of a secure and safe computer. Without antivirus software, your system can become infected with malware, intent on stealing your information, passwords, and financial records. But antivirus software is not perfect. Sometimes when trying to protect your system, it can interfere with outgoing and incoming connections. To verify that your antivirus software isn’t causing the ‘net::err_cert_common_name_invalid’ error:
- Open your Antivirus software, this may be Malwarebytes, Avast, McAfee, Norton, or another option.
- Look for a setting called HTTPS Scanning. If this setting is turned off, toggle it on. If this setting is turned on, toggle it off.
- Open Chrome and see if you can connect to the website you were experiencing the error on.
HTTPS scanning is a feature that may be provided by your antivirus software. Essentially, HTTPS scanning allows your antivirus software to act as a middle man. The software will decrypt all HTTPS connections and scan them, to check for any malware. This may help your antivirus software to bypass any SSL certificate validation problem you may be experiencing. Conversely, HTTPS scanning can sometimes cause problems with browsers and need to be turned off.
3. Clear SSL State and Browser Cache
A website may have updated its SSL certificate, but your browser has cached information from that website previously to speed up connection times. Now that the SSL certificate has been updated by the website admin or developer, your browser cache and SSL state are outdated. To clear your SSL state and cache to eliminate this as the source of the problem:
- Click the Windows icon on the taskbar and search for Internet Options. Select Internet Options.
- The Internet Properties window will open. Navigate to the Content tab.
- Under the Certificates heading, find Clear SSL State. Click and a pop-up window will open, telling you the SSL Cache Cleared Successfully.
- Now open Google Chrome. Select the three ellipses in the top right corner and hover over More tools. Select Clear Browsing Data… from the new options.
- Set your Time range to All Time and click Clear Data.
- Now try to access your website of choice, which was triggering the error previously, to see if this has solved the problem.
4. Check Proxy Settings
Incorrectly configured proxy settings can interfere with your connection capabilities and even trigger SSL certificate errors. Thankfully, checking your proxy settings is very straightforward and can be done from within Google Chrome:
- Open Google Chrome and click the three ellipses in the right-hand corner. Click Settings.
- Scroll down the settings page until you see the System section. Click Open your computer’s proxy settings.
- The Proxy settings for your computer will open up. Make sure that Automatic proxy setup is set to Automatically detect settings.
- Once again, check if you can navigate to the website that was throwing the ‘net::err_cert_common_name_invalid’ beforehand.
5. Check that Google Chrome and Windows 10 are Updated
The last solution available as a user, that could solve this error, is to update your Google Chrome and Windows 10. To check that both are fully updated:
- Click the Windows icon on the taskbar and search for Windows updates. Select Check for updates.
- The settings page for Windows Update will open. Find and click Check for updates.
- Windows Update will now search for any updates that need to be applied. You will then have the option to update.
- Now open Google Chrome. Click the three ellipses in the right-hand corner and hover over Help. Click About Google Chrome.
- Google Chrome’s settings window will open. Google Chrome will automatically check for any updates and apply them, with no further action on your part.
- Restart your computer if any Windows updates were applied. Restart Google Chrome and check if the error has been resolved.
‘Net::err_cert_common_name_invalid’ Google Chrome error resolved
The solutions above are aimed to help both website administrators or developers and users. SSL certification errors can plague both groups, but the solutions are very different between the two. Website administrators need to check that their SSL certificate is valid, set to the correct domain name, and recognized as secure by a reputable Certificate Authority. Users have to check that none of their browser settings or extensions, antivirus software, or proxy settings are interfering with their ability to connect to HTTPS sites.
If you are a website administrator and still experiencing trouble or unable to identify a cause to this error, please contact the company you purchased your SSL certificate from. They will have a robust technical support department to help with complex SSL certificate authentication problems. If you are a user and still have not resolved this problem, you may need to reach out to the site’s administrator to see if they are aware of the problem.