strange ssl error issue on google chrome mac

I have a site with the same certificate(wild card) and everything is working fine on the same server.

@Ace are both from the same Certificate authority?

Just means it's a self-signed cert.

If you click the padlock in the address bar, you can get more info.

Normally has

The identity of this website has not been verified.
 • Server's certificate is not trusted.

@mehany yes the same exact certificate, same authority. Comodo @bashy yes I got that, i managed to fix it locally by applying "trust all" on my mac keychain to that cert. the question is why this happened in the first place? and if so, do some users get the same alert?

You shouldn't need to do that. It could also be a warning from Chrome since they updated required strengths on certificates but that would only show a warning.

Have you made sure that you've included the correct certs and intermediate files?

I have a site with the same certificate(wild card) and everything is working fine on the same server.

I think this where your problem is! The first certificate is configured correctly because the server hostname works with the first certificate. Wild card certificates secure a domain and all of its first-level subdomains. For example, a certificate for *.example.com secures www.example.com, mail.example.com , user.example.com ecc.. . ssh to your server and type

 hostname // this is the working certificate.

Adding trust all fixes the problem for you but more likely other users will get the same error.

To Add multiple domains, you need this type of certificate EV Multi-Domain Certificates or other wise, deploy each project on a different droplet.

Just look here to figure out your errors: https://sslcheck.globalsign.com

Mostly they provide an explanation how to fix your issues. Hope that helps.

@mehany That would come up as a common name mismatch error.

It is not possible to have 2 wild card certificates on one server. @bashy unless you got some hacks to share ;)

@mehany I didn't mean that, I meant that the error they are receiving isn't for common name mismatch like you described above. They would have a different error.

Yeah I agree, but I wouldn't depend on browsers feedback for figuring out the problem. As mentioned above, and I am sure you use such tools, a tool like SSLLABS provides more accurate feedback.

@mehany Why would you not trust the error? Always been spot on for me, the error codes for SSL are pretty standard and it's easy to understand what's wrong (at least for me when I see them).

@bashy I didn't mean to not trust SSL browser error codes, I just wouldn't depend on them to troubleshoot SSL issues. The notion is pass SSLLABS checks, which is pretty extensive, and you will not run into browser error codes issues. If my suggestion for the OP is correct, it will be detected during such a check.

@mehany w/e