0

I am trying to setup Windows 2012 servers running IIS 8 to use https. I am running into an issue where I can get Google Chrome and IE 11 to accept the ssl certificate but Microsoft Edge and Firefox do not.

Things I have done so far:

  • Used the IIS Crypto GUI and set it to its best practices
  • Set internal dns to point to my.domain.com
  • Used Powershell New-SelfSignedCertificate -Dnsname my.domain.com -CertStoreLocation Cert:\LocalMachine\My to generate a self signed certificate with Subject Alternative Name
  • Installed cert on computer accessing intranet site.

After that I get:

Can’t connect securely to this page This might be because the site uses outdated or unsafe TLS security settings. If this keeps happening, try contacting the website’s owner.

On FireFox I get:

my.domain.com uses an invalid security certificate. The certificate is not trusted because it is self-signed. Error code: SEC_ERROR_UNKNOWN_ISSUER

I'm guessing, because of FireFox's issue, that the self-signed certificate is not going work.

So is it possible to get it to work with a self-signed certificate? If not is there a way to get proper ssl certificate on an intranet site that is not exposed externally?

gitmach
  • 1
  • 1
  • Modern browsers have a tendency to distrust self-signed certificates. So you can either create your own CA and import it in all your client devices or see if using Let's Encrypt is viable (remember that all certificates are published in the public Certificate Logs so this can reveal data about your internal hostnames). – Patrick Mevzek Mar 07 '18 at 01:54
  • How would you go about creating a CA using Windows systems? – gitmach Mar 09 '18 at 17:35
  • No idea on Windows. Just found out that: http://thephuck.com/virtualization/creating-your-own-root-ca-with-openssl-on-windows-and-signing-vcenter-or-srm-certs/ – Patrick Mevzek Mar 09 '18 at 17:42
  • https://www.jexusmanager.com/en/latest/tutorials/ssl-diagnostics.html See what SSL Diagnostics report contains. – Lex Li Apr 16 '18 at 20:09

0 Answers0