Forum Discussion
NET::ERR_CERT_COMMON_NAME_INVALID
In a clean lab environment I installed 2 Windows Server 2019 servers.
On the first server I installed:
- Active Directory Domain Services
- Active Directory Certificate Services with:
  - Certification Authority
  - Certification Authority Web Enrollment
I joined the second server to the same AD domain and installed
- IIS
From IIS I attempted to get a certificate using either:
- Create domain certificate
- Create certificate request
I attempted associating either certificate with the Default Web Site, but I keep getting the same error:
NET::ERR_CERT_COMMON_NAME_INVALID
that means:
This server couldn't prove that it's myserver.mydomain.local; its security certificate does not specify Subject Alternative Names.
This may be caused by a misconfiguration or an attacker intercepting your connection.
Am I missing any relevant step?
How can I solve the problem?
Regards
- SebCerazy (Iron Contributor)
Test environment, I assume VMs. Even in test you should not have anything on the DC apart from AD (plain & simple).
The error means exactly this: the DNS is incorrect (for the website), and you also need to have DNS in the SAN.
- Marius_Roma (Brass Contributor)
Many thanks for your message.
On my DC I have only AD and CA, and, as you say, the certificate is missing a SAN.
In the meantime I did some further investigation and I found a complete, working solution on the page https://lalmohan.co.nz/2020/02/10/create-and-install-a-san-certificate-subject-alternative-name-in-windows-without-third-party-tools/?blogsub=confirming#subscribe-blog
I hope it can be useful for other people.
Many thanks, anyway
- SebCerazy (Iron Contributor)
AD CA should ALWAYS be on a separate server
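
As an added example (not part of the thread or of the linked blog post), one way to confirm the missing SAN on the IIS server and request a replacement certificate from the enterprise CA that carries the host names in its SAN. The template name `WebServer`, the short name `myserver` and the helper `Get-SanDnsName` are assumptions made for illustration.

```powershell
# Added example, not from the thread. Run elevated on the IIS server.
# Assumptions: the enterprise CA publishes a template named 'WebServer' that
# accepts a subject supplied in the request, and this computer may enroll.
$fqdn     = 'myserver.mydomain.local'   # host name from the error message
$dnsNames = @($fqdn, 'myserver')        # constructed list of names to cover

function Get-SanDnsName {
    # Hypothetical helper: return the DNS names in the Subject Alternative
    # Name extension (OID 2.5.29.17); no output means there is no SAN.
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $ext = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if (-not $ext) { return }
    # Format($true) prints one entry per line; the "DNS Name=" label is the
    # English one and is localized on other Windows display languages.
    $ext.Format($true) -split "`r?`n" | ForEach-Object {
        if ($_ -match '^\s*DNS Name=(.+)$') { $Matches[1].Trim() }
    }
}

# 1. Audit: which certificates in the machine store cover the host name?
#    Exact match only; wildcard SAN entries are not evaluated here.
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $san = @(Get-SanDnsName $_)
    [pscustomobject]@{
        Thumbprint = $_.Thumbprint
        Subject    = $_.Subject
        SanDns     = $san -join ', '
        CoversFqdn = $san -contains $fqdn
    }
} | Format-Table -AutoSize

# 2. Request a certificate whose SAN lists every name clients will use.
$result = Get-Certificate -Template 'WebServer' -SubjectName "CN=$fqdn" `
    -DnsName $dnsNames -CertStoreLocation Cert:\LocalMachine\My
if ($result.Status -ne 'Issued') {
    throw "Request not issued (status: $($result.Status)); check the CA."
}
$newCert = $result.Certificate

# 3. Verify the SAN before replacing the HTTPS binding in IIS.
if (@(Get-SanDnsName $newCert) -notcontains $fqdn) {
    throw "Issued certificate still has no SAN entry for $fqdn"
}
"Select thumbprint $($newCert.Thumbprint) in the site's HTTPS binding."
```

Browsers that raise NET::ERR_CERT_COMMON_NAME_INVALID match the host name against SAN entries only, so a certificate that shows `CoversFqdn = False` in step 1 fails even when its subject CN is correct.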