What is “certificate mismatch”?

A certificate mismatch indicates hostname verification failure:

What should match:

Certificate's Common Name (CN) or Subject Alternative Name (SAN). The hostname used to connect. Must be exact or valid wildcard.

Mismatch scenarios:

Wrong certificate installed: Certificate for different domain. Missing SAN entry: Hostname not in certificate. Load balancer issue: Generic certificate on frontend. Wildcard limitations: *.example.com does not match sub.sub.example.com.

Email impact:

Strict verification: Connection fails. Opportunistic TLS: May proceed with warning. Affects trust in server identity.

Resolution options:

Receiving server must fix certificate. Sender may allow unverified connections (less secure). Document known exceptions.

Certificate mismatch is showing ID for the wrong person. The name does not match who you claim to be.