Chrome showing error NET::ERR_CERT_COMMON_NAME_INVALID for site with CN and Subject Alternative Name Set Correctly

Question

Chrome shows error (NET::ERR_CERT_COMMON_NAME_INVALID) when accessing https://www.unifiedportal-mem.epfindia.gov.in/memberinterface . The certificate has Common Name (CN) and Subject Alternative Name (SAN) set to *.epfindia.gov.in, so why does chrome generating the error?

I did read the link to understand why SAN is now preferred over CN. Note that firefox also showing warning on trying to access the epfindia.gov.in link.

Here are screenshots

Left-most shows chrome error
Middle shows Subject in Certificate
Right-most show Subject Alternative Name in Certificate

Dupe https://stackoverflow.com/questions/32510641/wildcard-certificate-does-not-work-for-sub-domain and several more linked there. — dave_thompson_085, Dec 15 '19 at 05:03
Thanks Dave. Feel free to mark it as duplicate. So the www prefix here was causing multi-level domain causing the problem. — Jay Rajput, Dec 16 '19 at 05:45

score 0 · Answer 1 · answered Dec 15 '19 at 03:22

Turns out it is the www in the URL which is causing it to not match with the Certificate. https://www.unifiedportal-mem.epfindia.gov.in/memberinterface vs https://unifiedportal-mem.epfindia.gov.in/memberinterface/. The epfo passbook site provides link to www.unifiedportal-mem.epfindia.gov.in which is a problem.

The one without www works like a charm

Chrome showing error NET::ERR_CERT_COMMON_NAME_INVALID for site with CN and Subject Alternative Name Set Correctly

1 Answers1