We are excited to announce that the IIS.NET Forums are moving to the new Microsoft Q&A experience. Learn more >

IIS 10 and wildcard certificatesRSS

4 replies

Last post Aug 05, 2020 08:45 AM by Yuk Ding

  • IIS 10 and wildcard certificates

    Jul 30, 2020 06:14 PM|MissAmberClark|LINK

    Hello!

    I'm trying to set up HTTPS on an internal website where I work. It is one of many sites on the webserver. The certificate comes from an internal certificate authority and is a wild card certificate (*.mycompany.com).

    When accessing the site (https://app.mycompany.com) I get the following certificate error ERR_CERT_COMMON_NAME_INVALID.

    The web site has the following bindings:

    • Type: HTTP; IP Address: All Unassigned; Port: 80; Hostname: app.mycompany.com
    • Type: HTTPS;  Address: All Unassigned; Port: 443; Hostname: app.mycompany.com; Require Server Name Indication: Yes; SSL Cert: mywildcardcert

    Any thoughts?

  • Re: IIS 10 and wildcard certificates

    Jul 30, 2020 10:07 PM|lextm|LINK

    I doubt if you have mapped the right certificate, but SSL Diag should reveal that,

    https://docs.jexusmanager.com/tutorials/ssl-diagnostics.html

    Run a report and see what it says.

    Lex Li
    Want to have a chat on the issues you meet? Book an appointment at https://buy.stripe.com/cN24ia0yi7sAdIA7sv
    ---------------------------
    This posting is provided "AS IS" with no warranties, and confers no rights.
  • Re: IIS 10 and wildcard certificates

    Jul 31, 2020 07:08 AM|Yuk Ding|LINK

    Hi MissAmberClark,

    What error message did you see if you open the website in chrome and go to security tab? It should show the root cause. Please ensure the wildcard certificate is also valid for client side. I mean the client also trust your internal certificate chain.

    Please ensure you have register the authority and certificate chain correctly.

    Best Regards,

    Jokies Ding

    Yuk Ding

    MSDN Community Support
    Please remember to "Mark as Answer" the responses that resolved your issue.
  • Re: IIS 10 and wildcard certificates

    Jul 31, 2020 04:39 PM|MissAmberClark|LINK

    @lextm recommended the SSLDiag and that was helpful. SSLDiag showed that everything was set up correctly. 

    Since it looked okay, I tried the site in IE11 and Edge. Both of those browsers worked and did not show any certificate errors.

    Since Chrome is not trusting the cert, but the Microsoft products are, I'm thinking that IE and Edge trust the cert because the CA can be found in the AD domain, whereas Chrome does not. Well, that's my theory, anyway.

  • Re: IIS 10 and wildcard certificates

    Aug 05, 2020 08:45 AM|Yuk Ding|LINK

    Hi MissAmberClark,

    Chrome has its independent standard to verify certificate. So please check your chrome developer tool to show the real error message.

    Best Regards,

    Jokies Ding

    Yuk Ding

    MSDN Community Support
    Please remember to "Mark as Answer" the responses that resolved your issue.