
Security Certificate error

Posted on 2016-08-19
Last Modified: 2016-08-22
I don't know much about certificate errors.  I have an internal app server, and when people go to the internal address (the only option anyway) it gives errors about an untrusted site.  How can I tell what security certificate the app/website is using on the server, and what's the easiest way to get by this?  Unless there is something I am unaware of, I'm not really concerned about security certificates on this web server because it is on our LAN and not in the DMZ.
Advice?

Windows Server 2012
IIS Version 8.5.9600.16384
Question by:jamesmetcalf74
5 Comments
 
LVL 30

Expert Comment

by:Rich Weissler
ID: 41763073
I usually click on the lock in the browser on the address line.  What you do next to look at the certificate depends on the browser.  (It'll frequently let you know WHY something is untrusted.  Candidates include: Certificate not signed by a trusted root; Certificate expired; Certificate signed with a SHA1 signature, etc.)

From the server, you'll want to bring up the IIS Manager, and drill down to the webpage.  Right click, and select 'bindings', and select the https line.  It'll display the certificate it's using by its friendly name.  (And to see which certificates are available on the server, close the bindings page, and select the server itself.  In the features view, under Security, you'll have an icon for 'Server Certificates'... selecting that will show you the certificates available to IIS in the certificate store.)
0
 

Author Comment

by:jamesmetcalf74
ID: 41763076
Thanks Rich.
So I looked at the edit bindings for the default website (it's the only website) and there is only one for http.  There isn't one for https://
I also noticed a warning in the top right that says: "This site does not have a secure binding (HTTPS) and cannot accept SSL connections."

Any more input from here?
0
 

Author Comment

by:jamesmetcalf74
ID: 41763094
So I have tried to add a binding for https to the default website.  There are some certificates that are available for me to choose from.  One that doesn't expire until 2040.  I select it and add the binding....
and it says: this binding is already being used. If you continue etc....... do you want to use this binding anyway.  I don't see anything that indicates this binding is already being used in the bindings interface.  Anybody know what gives?
0
 
LVL 30

Accepted Solution

by:
Rich Weissler earned 2000 total points
ID: 41763099
Depending on the application... whether it's written to work with SSL, etc... you should be able to add a binding for https.  You'll need to make certain you have a certificate available before you can do that though... and the easiest way will be back on the 'Server Certificates' feature on the server itself.  From there, you have three relatively easy options:
  1. If you don't mind a self-signed certificate (basically untrusted by everyone.. but will provide encryption) -- you'll select 'Create Self-Signed Certificate...' from the Actions.
  2. If you have a Windows Certificate Authority (ADCS) in your environment, you'll select 'create domain certificate...' from the Actions.  (It'll use the Web Server template... and I still haven't found a way to change that from the tool in IIS.)
  3. If you need a trusted public certificate (and it doesn't sound like you do from your description), you can 'create a certificate request...' from Actions.  At that point you'll need to purchase a certificate from a public certificate authority (which can vary from free to several hundred dollars per year.)  The second part of that, 'Complete Certificate Request...' is the action you take when you get the signed certificate back from the certificate authority.

Once you have a usable certificate on the server, you can use that in the bindings on the site.  (And at that point, we have to hope the website author didn't do silly things like embed 'http' in their website.)
0
 
LVL 30

Expert Comment

by:Rich Weissler
ID: 41763104
> binding already used...
Aha!  Do you have another website on that server that maybe has https: already bound on port 443?  If so, you have a little bit of a problem... in that only one certificate can be bound on a port on the server at a time.  :-(  (And if you do select okay at that point, you'll likely break the OTHER website, 'cause now it may have a certificate that doesn't correspond to THAT site.)

On the other hand, if you find which certificate that other website uses... you should be able to use that same certificate on the binding for this website.  (And at that point, you may get a certificate mismatch error on your website, but traffic can still be encrypted.)
0
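
The checks discussed in this thread (which bindings exist, which certificate sits behind each HTTPS endpoint, and why a browser might distrust it) can also be done from PowerShell. This is an added example, not code from the thread; it assumes the WebAdministration module that ships with the IIS management tools and an elevated session on the server.

```powershell
# Added example. Read-only: it lists bindings and certificates and changes nothing.
# Run in an elevated PowerShell session on the IIS server.
Import-Module WebAdministration

# 1. Every binding on every site, to see which site (if any) already has https.
$bindings = foreach ($site in Get-ChildItem IIS:\Sites) {
    foreach ($b in $site.Bindings.Collection) {
        [pscustomobject]@{
            Site     = $site.Name
            Protocol = $b.protocol
            Binding  = $b.bindingInformation   # IP:port:hostname
        }
    }
}
$bindings | Format-Table -AutoSize

# 2. Each certificate bound at the HTTP.sys level, with the properties that
#    usually explain a browser warning.
$report = foreach ($ssl in Get-ChildItem IIS:\SslBindings) {
    $cert = Get-ChildItem "Cert:\LocalMachine\$($ssl.Store)" |
        Where-Object { $_.Thumbprint -eq $ssl.Thumbprint } |
        Select-Object -First 1
    if (-not $cert) {
        Write-Warning "No certificate $($ssl.Thumbprint) in store $($ssl.Store)"
        continue
    }
    [pscustomobject]@{
        Endpoint     = "$($ssl.IPAddress):$($ssl.Port)"
        Subject      = $cert.Subject
        DnsNames     = ($cert.DnsNameList | ForEach-Object { $_.Unicode }) -join ', '
        Issuer       = $cert.Issuer
        SelfSigned   = ($cert.Subject -eq $cert.Issuer)
        Expired      = ($cert.NotAfter -lt (Get-Date))
        NotAfter     = $cert.NotAfter
        SignatureAlg = $cert.SignatureAlgorithm.FriendlyName   # e.g. sha1RSA
        ChainTrusted = $cert.Verify()   # trust as seen by this server, not by clients
    }
}
$report | Format-List

# 3. The same bindings as HTTP.sys stores them, for cross-checking.
netsh http show sslcert
```

An endpoint that appears in step 2 or 3 but has no matching https binding in step 1 is a likely source of the "binding is already being used" prompt. `ChainTrusted` reflects the server's own trust store, so a client without the issuing root installed can still show the untrusted-site warning.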
