WAC - 'NET::ERR_CERT_COMMON_NAME_INVALID' opening error message


Does anyone have any other ideas on how to resolve my below 'Windows Admin Center' https page opening error message?

 

Problem:

1) Chrome is showing “NET::ERR_CERT_COMMON_NAME_INVALID” error message when trying to open the WAC home page.

 

2) The WAC Encryption Certificate ‘Properties\Path’ tab within the Local Server’s ‘Local Machine\Personal\Certificate’ Certificate Store, shows:

This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store

 

My Environment

- WAC is installed on W2K16 server within a W2K16 AD network with AD Certificate Servers with WAC configured with a PKI SSL certificate issued from this AD CS

 

- This https SSL cert within Chrome shows a status of ‘OK’, with the ‘Path’ Properties tab showing the full path back to my Root CA

 

- My Root CA cert is located within the ‘Trusted Root Certification Authorities’, along with all the other required folders.

 

I have tried the below troubleshooting tasks with no change in status:

- Exported and imported this ‘WAC Encryption’ certificate to a vanilla W2K16 server, but it still showed the “This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store” error message

 

- Opened up the WAC https site using Chrome’s ‘incognito’ page option.

 

 

Cheers,

Cosmo

1 Reply

I managed to discover the cause, that being, the WAC SSL Web Server PKI certificate I created from my AD CS certificate issuing IIS server didn't have a 'Subject Alternative Name' attribute within the certificate. Actually, upon closer investigation, IIS doesn't allow you to enter a 'SAN' FQDN at all....why????  :(

 

TIP: Create your WAC SSL Web server certificate from Windows local Certificate Authority Store MMC snap-in.

 

This problem is now resolved.
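
One way to confirm the cause described in the reply above, added here as an example and not part of the original thread: Chrome matches the hostname only against the Subject Alternative Name extension, so this PowerShell function lists each certificate in the local machine's Personal store and reports whether it has a SAN that covers the name you browse to. The hostname `wac01.corp.example` and the function name `Test-CertSanCoversHost` are placeholders chosen for the example.

```powershell
# Added example (not from the thread). 'wac01.corp.example' is a placeholder host.
function Test-CertSanCoversHost {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )
    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # 2.5.29.17 is the OID of the Subject Alternative Name extension.
        $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        $dnsNames = @()
        if ($sanExt) {
            # Format($true) returns one entry per line, e.g. "DNS Name=host.example".
            # Assumption: English-language Windows; the label text is localized.
            $dnsNames = @($sanExt.Format($true) -split "`r?`n" | ForEach-Object {
                if ($_ -match '^\s*DNS Name=(.+)$') { $Matches[1].Trim() }
            })
        }
        $covers = $false
        foreach ($name in $dnsNames) {
            if ($name -eq $HostName) {
                $covers = $true                      # exact match, case-insensitive
            } elseif ($name.StartsWith('*.') -and $HostName.Contains('.')) {
                # A wildcard covers exactly one left-most label.
                $parent = $HostName.Substring($HostName.IndexOf('.'))
                if ($parent -eq $name.Substring(1)) { $covers = $true }
            }
        }
        [pscustomobject]@{
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            NotAfter   = $cert.NotAfter
            HasSan     = [bool]$sanExt
            DnsNames   = $dnsNames -join ', '
            CoversHost = $covers
        }
    }
}

Test-CertSanCoversHost -HostName 'wac01.corp.example' |
    Sort-Object CoversHost | Format-Table -AutoSize
```

A row with `HasSan` set to `False` corresponds to the certificate described in the reply: the chain can be valid while the browser still rejects the name.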