I generate on windows 2016 where is IIS server certification request, the server is in Active directory domain. Then in domain i have microsoft certification authority ang in this i gnerate the certificate from this request, then I import into ISS set a bindings but now when I try connect form domain computer in chrome to IIS web site I obtaiun error NET::ERR_CERT_COMMON_NAME_INVALID. The CN in certificate is same as website . If I try this in old MS explorer in this is conection is mark as secure. How I may use this certificate as fully secure?
1 Answer
This is more than likely caused by the fact that you have only the CommonName (CN) field containing the FQDN of the IIS server. Modern browsers do not check the CN; instead they look for a DNS entry in the Subject Alternative Name (SAN) extension. This also explains why an older browser works.
If you add the FQDN as a DNS SAN entry, then it should work.
answered May 10, 2023 at 12:21
