The root cause of this is:
- Your server certificate is self-signed
- You are using an incorrect host name to connect
- Your certificate is not trusted
The host name must match the subject name on the certificate e.g. company.com and orders.company.com both point to the same URL but the certificate has been issued to company.com. So that is the name you need to use to get to the web site. Or else you can add the other names to the SAN.
If the certificate is not trusted, you can add it to the "Trusted Root Certification Authorities". But be mindful of security.
I find it useful to log why .NET doesn't like it.
Just in case that article disappears, I've saved the config here.
Change the log location.
Now assume that company.com is not in the DNS and you have an IP address e.g. 184.108.40.206.
Now the URL is 220.127.116.11 but the certificate subject name is company.com. Bingo. You get the error.
The solution is to create a host file entry.
Now you can browse to company.com and the name will match.