Avatar of netwrked
netwrked asked on

Problem with Web Server Certificate when accessing site by IP Address

We have a specialized IIS 6.0 web server running under Server 2003 that one of our applications uses to transfer information between sites.  The site has a FQDN and the certificates are loaded properly on both the server and what would consider to be the "client" machine.

The "client" uses an automated process to access the web server.  However, due to configuration constraints, the "client" cannot use the FQDN, so it must access the system via the IP address.

The problem is that now the system hangs up on the "There is a problem with this website's security certificate" message.  Since this is an automated process, there is no way to "click" on "Continue to this website (not recommended)" link.

If you do go to the FQDN, the site works fine.  Unfortunately, that is not an option with the custom program we are using.  We must access via IP address only.

I see no way to issue a certificate based on IP address versus FQDN.  Does anyone know a registry setting or other fix that will always ignore the "Continue to this website...." message?

Thanks,

Joe
Web BrowsersSecurityWeb Servers

Avatar of undefined
Last Comment
netwrked

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
CoccoBill

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Paranormastic

Windows CA does allow issuing to IP addresses for the subject name.  What you would probably want to do is to issue the certificate using a Subject Alternative Name (SAN).  Basically you choose one name for the subject for the CSR, then when you submit to the certsrv page you use the Attributes field to include DNS=www.domain.com&IP=192.168.0.1&DNS=hostname

Note that you need SAN enabled on the CA for this to work.  Refer to this document for more info:
http://support.microsoft.com/kb/931351

If you are using public certs, consider a Unified Communications Certificate (UCC or UC Cert), sometimes referred to as multi-domain certificate.  Pretty much the same thing - you submit the CSR and then they provide a text field where you can just type in on separate lines what you want to be valid - these can be hostnames, IP addresses, DNS names/aliases, etc.  They cost a bit more but worth it when you need one.  Most commercial CAs will offer these (Verisign, Comodo, GoDaddy, etc.).
ASKER
netwrked

The self cert worked great since our CA does not allow IP's....many thanks!
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck