PAM77
Copper Contributor
Feb 26, 2026

WAC can connect to itself or to other servers.

Hello,

I have installed WAC with an internal certificate from my company. I can log in to the web, and the certificate appears correct in the browser.

When I try to connect to the gateway itself or to other servers:

No connection could be made because the target machine actively refused it:

servergw.domain.com:6601

On event viewer: Event Winrest:

Hosting failed to start

Exception:

System.InvalidOperationException: The requested certificate E=email address removed for privacy reasons could not be found in LocalMachine/My with AllowInvalid setting: False.

The certificate is correct, like others from the company that are used in other services. It has a private key and server authentication:

E = email address removed for privacy reasons

CN = email address removed for privacy reasons

OU = company

O = company bla bla

L = City

S = City

C = Country

I tried to create it with other SANs:

DNS=servergw.domain.com

DNS=servergw

DNS=localhost

I have also tried giving permissions on the private key to Network Service and changing the service to run as Local System.

WinRM and trusted hosts are correct.

It only works when I install it with the self-signed certificate that WAC creates and it will say 60 days.

What else can I try?

Thanks!!

1 Reply

  • Francisco_M
    Brass Contributor

    The certificate’s Subject Name does not match what WAC is configured to use

    WAC binds to the certificate using Subject Name, not SAN.

    If your certificate’s subject is an email address (as in your example), WAC will not match it.

    Example of your subject:

    E=email address removed for privacy reasons CN=email address removed for privacy reasons

    This is not valid for a WAC gateway certificate.

    WAC requires:

    CN=servergw.domain.com

    Even if SAN contains DNS names, WAC still matches on Subject Name, not SAN.


    Reissue the certificate with:

    • CN = servergw.domain.com
    • SAN = servergw.domain.com, servergw, etc.

    Then run:

    Import-Module "$env:ProgramFiles\WindowsAdminCenter\PowerShellModules\Microsoft.WindowsAdminCenter.Configuration"
    Set-WACCertificateSubjectName -SubjectName "servergw.domain.com"
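
Added example, not part of the thread and not Windows Admin Center's own code: a read-only inventory of `LocalMachine\My` that shows, for each certificate, the properties discussed above (Subject CN versus the expected gateway name, SAN, private key, Server Authentication EKU) before anything is reissued or rebound. `Get-GatewayCertCandidate` is a hypothetical helper name, and treating `ChainValid` as relevant to the `AllowInvalid setting: False` in the error is an assumption.

```powershell
# Added example: read-only inventory of LocalMachine\My for a gateway certificate.
# Get-GatewayCertCandidate is a hypothetical helper name, not a WAC cmdlet.
function Get-GatewayCertCandidate {
    param(
        [Parameter(Mandatory)]
        [string]$ExpectedName   # FQDN the Subject CN is expected to carry
    )

    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
    $sanOid        = '2.5.29.17'           # Subject Alternative Name extension

    Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
        $cert = $_

        # Pull the CN out of the Subject string (simple parse; quoted CNs
        # that contain commas are not handled).
        $cn = if ($cert.Subject -match '(?:^|,\s*)CN=([^,]+)') { $Matches[1].Trim() } else { $null }

        $eku = $cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
        $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq $sanOid }

        [pscustomobject]@{
            Thumbprint    = $cert.Thumbprint
            Subject       = $cert.Subject
            SubjectCN     = $cn
            CNMatches     = ($cn -eq $ExpectedName)   # -eq ignores case for strings
            SAN           = if ($san) { $san.Format($false) } else { '' }
            HasPrivateKey = $cert.HasPrivateKey
            ServerAuth    = [bool]($eku -and ($eku.EnhancedKeyUsages.Value -contains $serverAuthOid))
            NotAfter      = $cert.NotAfter
            # Assumption: a certificate that fails basic chain validation is
            # also skipped by a lookup made with AllowInvalid = False.
            ChainValid    = $cert.Verify()
        }
    }
}

# Name taken from the thread; certificates whose CN matches are listed first.
Get-GatewayCertCandidate -ExpectedName 'servergw.domain.com' |
    Sort-Object CNMatches -Descending |
    Format-List
```

A certificate whose `Subject` begins with `E=` and whose `CNMatches` is `False` is the situation the reply describes.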