Forum Discussion
Windows Admin Center v2.4 will not use SAN Cert
Thank you luchete.
Yeah, the SAN cert(s) were installed in the "Personal" store. It looks like the New-WebBinding cmdlets don't exist, and I'm guessing they are only installed if IIS is installed. Unfortunately, WAC v2 doesn't use IIS anymore.
I tried to generate many different certificates, with various certificate templates. Even one that was similar to the Computer AutoEnroll certificate template, but I just manually fill in the Common Name and DNS (Subject Alternative Name), and both use nearly all of the same cert template settings, and all I get is the "Connection Closed" error when trying to access the website.
Since this will be used internal only, it's not really that big of a deal. It would be nice if the next build brought back the ability to update the certificate within the actual website itself, instead of running the installer each time or using the Set-WacCertificateSubjectName -Thumbprint <certificate thumbprint>.
are you matching common and DNS SAN with the same FQDN? I ask because its working in my environment, also if you are using something other than the hostname, you need to run the installer as custom.
PatAbbottI am not sure how I missed this. Yeah, the SAN cert is matched between common and DNS SAN (alternative). It seems that the autoenroll certificate the server gets is the issue but not sure why. If the autoenrolled server certificate is present on the server, Admin Center will only use that certificate and won't use any other certificate, even when assigning it to another certificate using "custom".
We prevented that server from getting an autoenroll cert as a test, and we can use a different SAN cert. Not quite sure what's going on.