Security certificate issue
-
Hi there,
Could you give me a hand with a security certificate issue I’m having? A colleague using IE got this error message when trying to access my site (www.sherrymcphail.ca)sherrymcphail.ca uses an invalid security certificate. The certificate is only valid for the following names: *.wordpress.com, wordpress.com (Error code: ssl_error_bad_cert_domain)
And more:
[Shield icon]
There is a problem with this website’s security certificate.
The security certificate presented by this website was issued for a
different website’s address.Security certificate problems may indicate an attempt to fool you or
intercept any data you send to the server.We recommend that you close this webpage and do not continue to this
website.[Recommended icon]Click here to close this webpage.
[Not recommended icon]Continue to this website (not recommended).
<https://sherrymcphail.ca/>[More information] <res://ieframe.dll/invalidcert.htm?SSLError=33554432>
(DONE)
No problems on Firefox, Safari or Chrome.
Thanks a million,
Sherry
(email visible only to moderators and staff)The blog I need help with is: (visible only to logged in users)
-
Hi Sherry,
This error will come up if someone visits your custom domain using “https://”
The reason why is actually in your message. We maintain SSL certificates for WordPress.com and all of its subdomains. We actually host your content using sherrymcphail.wordpress.com and redirect it to your custom domain, sherrymcphail.ca.
So your browser tries to check the Security certificate (that’s what https does), and it sees a certificate for WordPress.com — but it knows it’s trying to view sherrymcphail.ca — that’s a mismatch! Give the error message!
The only permanent fix is to create new SSL certificates for every custom domain and we’re not able to provide that. But there’s no actual security issue here, just a mismatch in the certificate and the domain name shown.
Users that visit using http: instead of https: won’t see the error, and anyone visiting with https: can create an Exception within their browser when that error message pops up.
I do apologize for the confusion though!
Best,
-Alex G.
-
Hi Alex,
Thanks so much for your prompt, pleasant and easily understood response!
I’m relieved to hear it’s just an error from using that extra “s”. I wasn’t able to see what my colleague typed in, so I didn’t anticipate that issue.
Thanks again for addressing my problem directly and not just sending me to a FAQ. Five out of 5!
Sherry
-
One more thought: could I cover for the eventuality of someone else making the same mistake by getting an SSL certificate on sherrymcphail.ca? Or will the error still pop up because of the domain name mapping?
Thanks,
Sherry -
The error would still pop up. By the nature of how we setup a domain mapping with WordPress.com the SSL certificate is going to get mismatched because the content is actually being served via WordPress.com and will bear the WordPress.com certificate. The system is setup this way so we can better provide the hosting service for free, but this is one of those quirks that comes along with it.
That was a good thought though!
Best,
-Alex G.
-
- The topic ‘Security certificate issue’ is closed to new replies.
WordPress.com Forums 