1. My browser informs me of errors when I browse to the secure part of my site.
Browsers will tend to check a number of common features of your certificate when connecting via https. The common errors are:
• My browser states a warning next to “The security certificate is from a trusted certifying authority” whenever I connect to my website using SSL.
This usually indicates that the certificate has not been installed correctly or the server requires a physical reboot. Try reinstalling the certificate and physically restarting your server.
• My browser states a warning next to “The security certificate date is valid” whenever I connect to my website using SSL.
This indicates that the certificates has expired, or is not yet valid. It may also indicate that the time/date is incorrect on the computer being used to visit the website over https.
• My browser states “The name on the security certificate is invalid or does not match the name of the site” whenever I connect to my website using SSL.
An SSL Certificate is issued to a Fully Qualified Domain Name (FQDN). The actual FQDN is digitally signed and sealed within the issued certificate. The SSL Certificate can only be used on this FQDN and nothing else – otherwise a name mismatch occurs.
An SSL Certificate issued to www.yourdomain.com can only be used on www.yourdomain.com. It cannot be used on secure.yourdomain.com or even just yourdomain.com (with no subdomain). If you require a single SSL certificate that can be used on multiple subdomains, then you may want to consider a Wildcard certificate.
2. When connecting to my site over https, my browser alerts me that I have both secure and non-secure content.
This error occurs when you are trying to reference files from your (or somebody else’s) webserver over http when you have an https session. Either change the file references (e.g. graphics, stylesheets, etc.) in your HTML webpage code to https or use relative links.
3. I cannot view my webpages over SSL.
This error will occur when your webserver, firewall, or network has not been correctly configured to serve pages over SSL. Check the following:
a. Your certificate has been installed for the correct website.
b. Your private key is not corrupt or has not been accidently deleted.
c. You have assigned port 443 as the SSL port on your webserver.
d. You have opened port 443 for SSL traffic on your firewall or router.
e. You have correctly configured your DNS settings on your network.
4. I may need to change my IP address for my webserver, does this matter?
An SSL Certificate is issued to a domain name and not an IP address. So, as long as your webserver is hosting the domain name for which your SSL certificate has been issued, the IP address doesn’t matter.
5. My webserver hosts many sites on a single IP address; can I install a certificate for each domain name?
The SSL protocol encrypts the domain name when an SSL session is being established. If you are hosting many websites each with their own SSL certificate on the same webserver, each website must have a unique IP to ensure that the webserver knows which domain the SSL session should be for. If you only host a single domain, then you can use name-based hosting. However, if you host multiple domains on the same server, then you must use IP-based hosting. Please note that host headers on Microsoft IIS will cause SSL errors if you install multiple SSL certificates for multiple domains on a single IP address.