2

I have my website https://www.MyWebSite.com running on port 433. But I also have a admin login that only are available from the office local network http://MyServer:9999/Login.aspx. Both addresses points to the same site but different bindings.

Is it possible to get the one on port 9999 to use https? I tried creating a self signed certificate in IIS but my browser still complained, even though I exported the certificate and stored it in my CA Trusted root.

So just to sum everything:

My regular site: https://MyWebSite.com <-- working fine

My admin login, only accessible via local network: http://MyServer:9999/Login.aspx works fine.

When adding a selfsigned certificate issued to "MyServer" (not MyWebSite) and add the new binding on port 9999 I though to the website but Chrome is giving me a warning NET::ERR_CERT_COMMON_NAME_INVALID, even though the cert is Issued To MyServer and are trusted

Community
  • 1
  • 1
MrProgram
  • 5,044
  • 13
  • 58
  • 98

1 Answers1

1

Is it possible to get the one on port 9999 to use https?

yes it is possible to setup another port with selfsigned certificate.

Normally Selfsigned certificate will have fully qualified machine name

e.g. machinename.subdomain.domain so you have to browse using https://machinename.subdomain.domain:9999/

Please double check what error you are running into ,In chrome

Your connection is not private

Attackers might be trying to steal your information from in08706523d (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID

in IE,you may get 

 There is a problem with this website’s security certificate.

The security certificate presented by this website was issued for a different website's address.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.

In that case,assuming you have given hostname as * in IIS binding, and also installed the selfsigned certificate installed your "Root Certification Authorities " You should be able to browse to
https://machinename.subdomain.domain:9999/ without any issues

Rohith
  • 5,527
  • 3
  • 27
  • 31
  • When using a selfsigned certificate for `MyServer` and browsing to `https://MyServer:8888/Login.aspx` I get no warning in IE, but in firefox it says `"Your connection is not secure because the certificate is selfsigned"`. In Chrome I get though to the website but the https is red (not secure). – MrProgram Jun 30 '17 at 06:58
  • As I was saying you have to use fully qualified domain name of your machine. e.g https://MyServer.eur.corp.companyname:8888/Login.aspx . MyServeris my machine name. Firefox has seperate CA store,it does not check the machine's certificate store.So you have to install it to firefox CA store. – Rohith Jun 30 '17 at 07:03
  • So its not possible with just `MyServer:8000`? – MrProgram Jun 30 '17 at 07:14
  • it's possible but the selfsigned certificate should have Issued to as "MyServer" .This is not a problem with IIS but the way SSL works. Every browser will check the issued to field in the certificate with the hostname you are using for an exact match.You should create a slefsigned certificate with issued to as MyServer .Check this [SO post](https://stackoverflow.com/questions/19441155/how-to-create-a-self-signed-certificate-for-a-domain-name-for-development) – Rohith Jun 30 '17 at 08:07
  • But the selfsigned certificate is issued to "MyServer", and its trusted on my computer (the client) – MrProgram Jun 30 '17 at 08:36
  • What error your browser is giving ? is it ERR_CERT_COMMON_NAME_INVALID in chrome? – Rohith Jun 30 '17 at 09:00
  • Could you please update the question with more details like what error and possible some screenshot – Rohith Jun 30 '17 at 09:01