We have been trying for a while now to pass validation on our new Word add-in. Since the reports recommend contacting the validation team on Stack Overflow, here we are.
The reports state that:
The URLs in question are the login URLs, which the add-in redirects to in order for the user to login.
The specific errors that are shown in the reports relate to SSL:
(in what looks like a screenshot of Microsoft Edge)
The hostname in the website's security certificate differs from the website you are trying to visit.
Error Code:
DLG_FLAGS_SEC_CERT_CN_INVALID
(in Word)
Add-in Error
The content is blocked because it isn't signed by a valid security certificate.
The thing is, we cannot reproduce this. The login page opens successfully for us both within the add-in and outside on other standalone browsers. We have triple-checked the SSL certificates and cannot find anything wrong with them. We have sent over video proof that everything works just fine for us, so we are at a loss as to what to do.
Where do we go from here? Please help.
After much digging, rummaging, hair-pulling, and going down one rabbit hole after another, we found the culprit to be our geolocated load balancers' SSL certificates that needed updating. Once we did that across every supported region, the SSL issues went away.
A humbling experience for all involved.