Does anyone have any other ideas on how to resolve my below 'Windows Admin Center' https page opening error message?
1) Chrome is showing “NET::ERR_CERT_COMMON_NAME_INVALID” error message when trying to open the WAC home page.
2) The WAC Encryption Certificate ‘Properties\Path’ tab within the Local Server’s ‘Local Machine\Personal\Certificate’ Certificate Store, shows:
“This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store”
- WAC is installed on W2K16 server within a W2K16 AD network with AD Certificate Servers with WAC configured with a PKI SSL certificate issued from this AD CS
- This https SSL cert within Chrome shows a status of ‘OK’, with the ‘Path’ Properties tab showing the full path back to my Root CA
- My Root CA cert is located within the ‘Trusted Root Certification Authorities’, along with all the other required folders.
I have tried the below troubleshooting tasks with no change in status:
- Exported and imported this ‘WAC Encryption’ certificate to a vanilla W2K16 server, but it still showed the “This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store” error message
- Opened up the WAC https site via using Chrome’s ‘incognito’ page option.
I managed to discover the cause, that being, the WAC SSL Web Server PKI certificate I created from my AD CS certificate issuing IIS server didn't have a 'Subject Alternative Name' attribute within the certificate. Actually, upon closer investigation, IIS doesn't allow you to enter a 'SAN' FQDN at all....why???? :(
TIP: Create your WAC SSL Web server certificate from Windows local Certificate Authority Store MMC snap-in.