That happens when you are using an url with the short name of the server ('myserver
'),
while the certificate has been issued for the fqn (fully qualified name, like 'myserver.fr.com
').
Or vice-versa.
That is why, when I create a (self-signed) certificate, I always mention the complete subjectAltName
, with short name and the FQN, as in this openssl config file:
[ v3_ca ]
subjectAltName = DNS:@FQN@, DNS:@HOSTNAME@
That way, your certificate can match multiple hostnames.