Receive following message for SSL certificate: NET::ERR_CERT_COMMON_NAME_INVALID

Document ID : KB000013403
Last Modified Date : 14/02/2018
Show Technical Document Details

Receive message for SSL certificate NET::ERR_CERT_COMMON_NAME_INVALID

when accessing url


This server could not prove that it is; its security certificate is from, This may be caused by a misconfiguration or an attacker intercepting your connection.

Windows does not have enough information to verify this certificate.

Issued to:

Issued by: ACECAISSUE2

Valid from: 17/11/2017 to 17/11/2018


The reason the customer has both and in DOMAIN name in the certificate is users can use either one in the url to access.


Top Secret or the other security software (ACF2 , RACF) do not support genning multiple altname segment for a digital certificate. Other clients that needed this functionality needed to go to an outside CA to obtain the certificate.

Once the CA supplied the certificate they were then able to add it to Top Secret. (CA = Certificate Authority)


Genning a certificate request via GSKKYMAN with two domains.

These are the steps:


1. GSKKYMAN - gen a request with two domains

2. export the request PK10 to MVS

3. Use the PK10 as input for a GENCERT - will need a signing certificate


You should now have a certificate with two domains.

 4. Add the certificate to the keyring, both the new one (two domain) and the signer.