Websites
We’ve come across some problems with a website secured by a valid SSL certificate, but users getting an error message when they try to visit the site, with error codes similar to NET::ERR_CERT_COMMON_NAME_INVALID.
When trying to open a HTTPS webpage, you might get an error message if the server is configured to deliver HSTS (HTTP Strict Transport Security) HSTS is used to mitigate possible downgrade hijacking by forcing browsers to only use the secure HTTPS channel. Your browser caches HSTS settings, and this can sometimes lead to erroneous errors.
The error message is:
This site is not secure
This might mean that someone’s trying to fool you or steal any info you send to the server. You should close this site immediately.
With and option to close the tab, or a More Information button that shows:
Your PC doesn’t trust this website’s security certificate.
The hostname in the website’s security certificate differs from the website you are trying to visit.
Error Code: DLG_FLAGS_INVALID_CA
DLG_FLAGS_SEC_CERT_CN_INVALID.
The error may be presented differently in different browsers, some examples are:
The fix the error, you need to clear the HSTS settings in your browser, here are the steps:
CHROME
FIREFOX
EDGE
That should sort out your broken HSTS security and allow you to access the HSTS protected website.
If you need any help with managing your website, browser or web server, contact us.
Leave a Comment