Forum Discussion
How to Issue TLS 1.2 Certificate in Win Server 2019 Certificate Authority
Hi farismalaeb,
No, I have never used IIS Crypto before, which made me hesitant to use it. I don't know exactly what changes IIS Crypto will make on my server that hosts my CA. So I used the backup function and could see it backed up my current registry key.
It seems safe to use IIS Crypto, so I ran the best practice, and I can see that my server was missing a lot of settings. I rebooted the server and re-issued another cert. However, I still ran into the same issue where Chrome won't load the page. The error message in Chrome said "The connection to this page is not secure". I don't know what is missing here, or how specifically to issue a cert with TLS 1.2.
You need to run this tool on the server hosting your webserver (the server with the sites that are not working), not the CA, or at least start it there and make sure that the protocols such as TLS 1.1/TLS 1.2 are checked. If they are not checked, then you need to enable them.
Make sure that the generated certificate has a SAN (Subject Alternative Name), as Chrome requires this. CN is not enough and Chrome will "Display warning", but as far as I know it won't break the connection.
One more thing to note is that Chrome will mark any certificate generated without a SAN as insecure too.
Run the IISCrypto tool on the client as well and check whether TLS 1.1/1.2 are enabled on the client system; maybe the client doesn't have TLS 1.2 enabled by default.
Last thing, please share a screenshot of the Chrome error you are getting.
Thanks
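The two checks suggested in the reply above (TLS 1.2 enabled in SCHANNEL, and a SAN on the issued certificate), as an added PowerShell example that is not part of the original thread. The function names and the `printer.example.test` host name are assumptions made for illustration, and the in-memory sample certificates need .NET Framework 4.7.2 or later.

```powershell
# Added example (not from the thread); function names are hypothetical.
# Reports whether a certificate carries a SAN extension (OID 2.5.29.17).
function Get-SanReport {
    param([Parameter(Mandatory, ValueFromPipeline)]
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    process {
        $san = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        [pscustomobject]@{
            Subject  = $Certificate.Subject
            HasSan   = [bool]$san
            SanValue = if ($san) { $san.Format($false) } else { $null }
        }
    }
}

# Reads the SCHANNEL TLS 1.2 values; $null means "not set, OS default applies",
# and Enabled = 0 means the protocol has been switched off for that role.
function Get-Tls12State {
    param([ValidateSet('Client', 'Server')][string]$Role = 'Client')
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL' +
           "\Protocols\TLS 1.2\$Role"
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{ Role = $Role; Enabled = $p.Enabled; DisabledByDefault = $p.DisabledByDefault }
}

# Constructed sample input: throwaway self-signed certificate built in memory.
function New-SampleCert {
    param([string]$Name, [switch]$WithSan)
    $rsa = [System.Security.Cryptography.RSA]::Create(2048)
    $req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
        "CN=$Name", $rsa,
        [System.Security.Cryptography.HashAlgorithmName]::SHA256,
        [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
    if ($WithSan) {
        $b = [System.Security.Cryptography.X509Certificates.SubjectAlternativeNameBuilder]::new()
        $b.AddDnsName($Name)
        $req.CertificateExtensions.Add($b.Build($false))
    }
    $now = [DateTimeOffset]::UtcNow
    $req.CreateSelfSigned($now.AddMinutes(-5), $now.AddDays(1))
}

# Compare a certificate with a SAN against one that only has a CN.
New-SampleCert -Name 'printer.example.test' -WithSan | Get-SanReport
New-SampleCert -Name 'printer.example.test' | Get-SanReport
Get-Tls12State -Role Client
# Against real certificates: Get-ChildItem Cert:\LocalMachine\My | Get-SanReport
```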
- ariefd, Sep 20, 2020, Copper Contributor
Hi farismalaeb,
I have attached the error in Chrome.
The webserver is actually a part of the application and is working OK, in terms of the TLS 1.2 matter. I can say this as I have done a test. I have a wildcard cert issued by Rapid SSL. I tested using this cert and installed it on the web server. I tricked it by creating a new zone in the internal DNS server to use our public domain name. The web server accepted the cert, and Chrome can load the page OK.
- farismalaeb, Sep 20, 2020, Iron Contributor
Mmm, it seems that your browser did not reach the certificate exchange, as in the chrome_Error_2 you posted, I don't see the certificate menu.
1- Would you please share the IISCrypto screenshot after running it on both the server and the client?
2- Are you able to browse the site from inside the server?
- ariefd, Sep 20, 2020, Copper Contributor
Hi farismalaeb,
I have attached the screenshot from IIS Crypto on the server. Sorry, I need to make it clear that the web server is part of a special printer that we use for operations. But I did test from different computers, and all are behaving the same. Chrome won't load the page.