NET::ERR_CERT_COMMON_NAME_INVALID

In a clean lab environment I installed 2 Windows Server 2019 servers.
On the first server I installed:
- Active Directory Domain Services
- Active Directory Certificate Services with:
  - Certification Authority
  - Certification Authority Web Enrollment
I joined the second server to the same AD domain and installed:
- IIS
From IIS I attempted to get a certificate using either:
- Create domain certificate
- Create certificate request
I attempted associating either certificate with the Default Web Site but I keep getting the same error:

NET::ERR_CERT_COMMON_NAME_INVALID

that means:

This server couldn't prove that it's myserver.mydomain.local; its security certificate does not specify Subject Alternative Names.
This may be caused by a misconfiguration or an attacker intercepting your connection.

Am I missing any relevant step?
How can I solve the problem?
Regards

5 Replies
Test environment, I assume VMs. Even in test you should not have anything on the DC apart from AD (plain & simple).
Error means exactly this, the DNS is incorrect (for the website), and you also need to have DNS in SAN

@Sebastian Cerazy 

Many thanks for your message.

On my DC I have only AD and CA, and, as you say, the certificate is missing a SAN.

In the meantime I did some further investigation and found a complete, working solution on the page https://lalmohan.co.nz/2020/02/10/create-and-install-a-san-certificate-subject-alternative-name-in-w...

I hope it can be useful for other people.

Many thanks, anyway

 

AD CA should ALWAYS be on a separate server.
You need to set up the correct template for the web server, where the fields are filled & not auto created.
"Proceed without enrollment policy" is not the correct setup (it will work, just not the right way to do it).

Thank you @Marius_Roma
Your link worked perfectly for me and solved my problem.
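
The replies above agree that the certificate needs a DNS entry in its Subject Alternative Name. The following is an added example, not code from any poster or from the linked article, showing one way to request such a certificate with `certreq` on the IIS server and then confirm the SAN is present. The CA config string is a placeholder, and the template name `WebServer` (the built-in Web Server template, with enroll permission granted to the requester) is an assumption.

```powershell
# Added example. Run in an elevated PowerShell session on the IIS server.
$fqdn     = 'myserver.mydomain.local'   # host name used in the question
$caConfig = '<CA-host>\<CA-name>'       # placeholder: your issuing CA's config string
$template = 'WebServer'                 # assumption: template that accepts subject/SAN from the request

$work = Join-Path $env:TEMP 'san-request'
New-Item -ItemType Directory -Path $work -Force | Out-Null

# certreq policy file. OID 2.5.29.17 is the Subject Alternative Name extension;
# each _continue_ line adds one entry. Browsers match the host name against
# these dns= entries, not against the CN in Subject.
$inf = @"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "CN=$fqdn"
KeyLength = 2048
MachineKeySet = TRUE
Exportable = FALSE
RequestType = PKCS10

[Extensions]
2.5.29.17 = "{text}"
_continue_ = "dns=$fqdn&"

[RequestAttributes]
CertificateTemplate = $template
"@
Set-Content -Path "$work\request.inf" -Value $inf -Encoding ASCII

# Build the request, submit it to the CA, then install the issued certificate
# into the machine store so it pairs with the private key created above.
certreq -new "$work\request.inf" "$work\request.req"
certreq -submit -config $caConfig "$work\request.req" "$work\cert.cer"
certreq -accept -machine "$work\cert.cer"

# Check before binding in IIS: the SAN column must list the name clients will use.
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq "CN=$fqdn" } |
    Select-Object Thumbprint, NotAfter,
        @{ Name = 'SAN'; Expression = { $_.DnsNameList.Unicode -join ', ' } }
```

If the `SAN` column comes back empty, the issued certificate will still fail with `NET::ERR_CERT_COMMON_NAME_INVALID`, which usually means the template built the subject itself instead of taking it from the request.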