I'm trying to set up HTTPS on an internal website where I work. It is one of many sites on the webserver. The certificate comes from an internal certificate authority and is a wild card certificate (*.mycompany.com).
When accessing the site (https://app.mycompany.com) I get the following certificate error ERR_CERT_COMMON_NAME_INVALID.
The web site has the following bindings:
Type: HTTP; IP Address: All Unassigned; Port: 80; Hostname: app.mycompany.com
Type: HTTPS; Address: All Unassigned; Port: 443; Hostname: app.mycompany.com; Require Server Name Indication: Yes; SSL Cert: mywildcardcert
Lex Li
Affordable IIS Consulting Services at https://support.lextudio.com/services/consulting.html
---------------------------
This posting is provided "AS IS" with no warranties, and confers no rights.
What error message did you see if you open the website in chrome and go to security tab? It should show the root cause. Please ensure the wildcard certificate is also valid for client side. I mean the client also trust your internal certificate chain.
Please ensure you have register the authority and certificate chain correctly.
Best Regards,
Jokies Ding
Yuk Ding
MSDN Community Support
Please remember to "Mark as Answer" the responses that resolved your issue.
@lextm recommended the SSLDiag and that was helpful. SSLDiag showed that everything was set up correctly.
Since it looked okay, I tried the site in IE11 and Edge. Both of those browsers worked and did not show any certificate errors.
Since Chrome is not trusting the cert, but the Microsoft products are, I'm thinking that IE and Edge trust the cert because the CA can be found in the AD domain, whereas Chrome does not. Well, that's my theory, anyway.
6 Posts
IIS 10 and wildcard certificates
Jul 30, 2020 06:14 PM|MissAmberClark|LINK
Hello!
I'm trying to set up HTTPS on an internal website where I work. It is one of many sites on the webserver. The certificate comes from an internal certificate authority and is a wild card certificate (*.mycompany.com).
When accessing the site (https://app.mycompany.com) I get the following certificate error ERR_CERT_COMMON_NAME_INVALID.
The web site has the following bindings:
Any thoughts?
8930 Posts
MVP
Re: IIS 10 and wildcard certificates
Jul 30, 2020 10:07 PM|lextm|LINK
I doubt if you have mapped the right certificate, but SSL Diag should reveal that,
https://docs.jexusmanager.com/tutorials/ssl-diagnostics.html
Run a report and see what it says.
Affordable IIS Consulting Services at https://support.lextudio.com/services/consulting.html
---------------------------
This posting is provided "AS IS" with no warranties, and confers no rights.
4042 Posts
Re: IIS 10 and wildcard certificates
Jul 31, 2020 07:08 AM|Yuk Ding|LINK
Hi MissAmberClark,
What error message did you see if you open the website in chrome and go to security tab? It should show the root cause. Please ensure the wildcard certificate is also valid for client side. I mean the client also trust your internal certificate chain.
Please ensure you have register the authority and certificate chain correctly.
Best Regards,
Jokies Ding
MSDN Community Support
Please remember to "Mark as Answer" the responses that resolved your issue.
6 Posts
Re: IIS 10 and wildcard certificates
Jul 31, 2020 04:39 PM|MissAmberClark|LINK
@lextm recommended the SSLDiag and that was helpful. SSLDiag showed that everything was set up correctly.
Since it looked okay, I tried the site in IE11 and Edge. Both of those browsers worked and did not show any certificate errors.
Since Chrome is not trusting the cert, but the Microsoft products are, I'm thinking that IE and Edge trust the cert because the CA can be found in the AD domain, whereas Chrome does not. Well, that's my theory, anyway.
4042 Posts
Re: IIS 10 and wildcard certificates
Aug 05, 2020 08:45 AM|Yuk Ding|LINK
Hi MissAmberClark,
Chrome has its independent standard to verify certificate. So please check your chrome developer tool to show the real error message.
Best Regards,
Jokies Ding
MSDN Community Support
Please remember to "Mark as Answer" the responses that resolved your issue.