Hello guys, when I tried connect to google.com from I got this Certificate Error:
<p>Session #3: The server (152.199.19.161) presented a certificate that did not validate, because it was issued to a different host.</p><p>SANs: *.vo.msecnd.net, *.adn.azureedge.net, *.ads2.msads.net, *.aspnetcdn.com, *.azurecomcdn.net, *.azureedge.net, *.azureedge-test.net, *.cdn.skype.com, *.cdn.skype.net, *.cmsresources.windowsphone.com, *.cmsresources.windowsphone-int.com, *.dev.skype.com, *.fms.azureedge.net, *.microsoft-sbs-domains.com, *.secure.skypeassets.com, *.secure.skypeassets.net, *.wac.azureedge.net, *.wpc.azureedge.net, *.ec.azureedge.net, *.wpc.ec.azureedge.net, *.wac.ec.azureedge.net, *.adn.ec.azureedge.net, *.fms.ec.azureedge.net, ajax.microsoft.com, cdnads.msads.net, cdn-resources.windowsphone.com, cdn-resources-beta.windowsphone.com, ecnads1.msn.com, iecvlist.microsoft.com, images-cms-pn.windowsphone-int.com, images-cms-tst.windowsphone-int.com, lumiahelptipscdn.microsoft.com, lumiahelptipscdnqa.microsoft.com, lumiahelptipsmscdn.microsoft.com, lumiahelptipsmscdnqa.microsoft.com, montage.msn.com, mscrl.microsoft.com, r20swj13mr.microsoft.com, *.streaming.mediaservices.windows.net, *.origin.mediaservices.windows.net, download.sysinternals.com, amp.azure.net, rt.ms-studiosmedia.com, gtm.ms-studiosmedia.com, *.aisvc.visualstudio.com, *.cdn.powerbi.com, dist.asp.net, embed.powerbi.com, msitembed.powerbi.com, dxtembed.powerbi.com, *.cdn.powerappscdn.net, downloads.subscriptionsint.tfsallin.net, download.my.visualstudio.com, cdn.vsassets.io, cdnppe.vsassets.io, stream.microsoft.com, datafactory.azure.com, *.cortanaanalytics.com, do.skype.com, software-download.office.microsoft.com, software-download.microsoft.com, prss.centralvalidation.com, *.gallerycdn.vsassets.io, *.gallerycdnppe.vsassets.io, global.asazure.windows.net, download.learningdownloadcenter.microsoft.com, www.videobreakdown.com, www.breakdown.me, *.gallerycdntest.vsassets.io, agavecdn.o365weve-dev.com, agavecdn.o365weve-ppe.com, agavecdn.o365weve.com, download.visualstudio.com, *.Applicationinsights.net, *.Applicationinsights.io, *.Applicationinsights.microsoft.com, *.sfbassets.com, *.sfbassets.net, download.mono-project.com, *.streaming.media-test.windows-int.net, *.origin.mediaservices.windows-int.net, *.mp.microsoft.com, download.visualstudio.microsoft.com, software-download.coem.microsoft.com, cdn.wallet.microsoft-ppe.com, cdn.wallet.microsoft.com, vi.microsoft.com, *.nuget.org, *.nugettest.org, cdn.botframework.com, *.streaming.media.azure.net, *.streaming.media.azure-test.net, natick.research.microsoft.com, quotecenter.microsoft.com, quotecenter-ppe.microsoft.com, cdn.cloudappsecurity.com, *.yammer.com, *.videoindexer.ai, *.api.videoindexer.ai<br>SUBJECT: CN=*.vo.msecnd.net</p>I don't know why because I add Trust Root Certificate, do you have some solve this error?
1 Answer, 1 is accepted
0
Hello Stefan,
I assume that in the address bar of the browser you typed the IP address (https://152.199.19.161:443) instead of the URL (https://google.com:443) This way the browser, and Fiddler if it is capturing, expects to receive a certificate from the server which is issued for host '152.199.19.161' and this is not the case.
A certificate is valid if it is directly or indirectly (via intermediate certificates) signed by a trusted CA and if the hostname matches the certificate. If the last condition would not be enforced anybody with a valid certificate from a trusted CA could incorporate any other site.
You should use the real URL instead of the IP address.
Regards,
Simeon
Progress Telerik
I assume that in the address bar of the browser you typed the IP address (https://152.199.19.161:443) instead of the URL (https://google.com:443) This way the browser, and Fiddler if it is capturing, expects to receive a certificate from the server which is issued for host '152.199.19.161' and this is not the case.
A certificate is valid if it is directly or indirectly (via intermediate certificates) signed by a trusted CA and if the hostname matches the certificate. If the last condition would not be enforced anybody with a valid certificate from a trusted CA could incorporate any other site.
You should use the real URL instead of the IP address.
Regards,
Simeon
Progress Telerik
Do you want to have your say when we set our development plans?
Do you want to know when a feature you care about is added or when a bug fixed?
Explore the
Telerik Feedback Portal
and vote to affect the priority of the items
Howard
commented on 10 Apr 2023, 03:03 AM
Top achievements
Rank 1
Rank 1
I'm receiving similar popup error messages randomly after navigating to valid websites and interacting with them and then leaving the browser window active while switching off to other tasks. I have a screen shot showing a major bank site with this popup
Nick Iliev
commented on 10 Apr 2023, 06:50 AM
Telerik team
Hey Howard,
Most likely, the client app (the process) that makes the HTTPS Request uses the IP address instead of the domain name, and that causes the certificate error. For example, refer to the screenshot - its HTTP request shows that the CONNECT is made while using an IP address:
So that said, the error is expected, and your option is to use the ignore certificate error option provided in the popup or, alternatively, to globally ignore all server certificate errors (which is an unsafe option and should be avoided).