3

I have a self-signed ssl certificate that I am trying to use on my Windows 7 development IIS7 machine. The certificate is working; however I am still getting a mismatched address error in IE9.

This is purely for development and testing purposes.

I’ve been through numerous blogs and postings and have tried to create the certificate using many different techniques. I've tried using both my machine name and localhost for the certificate but I get the same error.

These are the two I have followed most closely:

http://blogs.technet.com/b/sbs/archive/2007/04/10/installing-a-self-signed-certificate-as-a-trusted-root-ca-in-windows-vista.aspx

http://www.robbagby.com/iis/self-signed-certificates-on-iis-7-the-easy-way-and-the-most-effective-way/

This is my certificate in the MMC console under Trusted Root Certificates Authorities:

enter image description here

The signature matches the one assigned in IIS:

enter image description here

And my site is bound to that certificate:

enter image description here

Why do I continue to get the error and how can I fix it? Are there any issues using sugdomains on localhost?? All of my sites are run under one IIS app but each one has its own subdomain (multi-tenant).

rboarman
  • 237
  • 1
  • 5
  • 15

1 Answers1

5

if the certificate CN or altName dnsName is 'localhost' then the browser will only accept a hostname of 'localhost' (and not something.localhost nor localhost.localdomain etc).

Ram
  • 612
  • 3
  • 10
  • How do multi-tenant sites handle ssl then? It's not viable to have one certificate per subdomain. – rboarman May 28 '12 at 19:09
  • 1
    Two options: 1 is to use wildcards in the CN or altName (e.g. *.example.com); 2 is to use mulitple altNames (ww1.example.com, ww2.example.com, some.other.exampletld) – Ram May 28 '12 at 19:11