Azarudeen Mohamed asked:

CertSrv is requesting certificates with FQDN but not with Server IP

We have a web server where the Certificate Authority Web Enrollment role is installed, and it is pointing to the Issuing CA.

Whenever we try https://webservername/certsrv, I am able to request certificates.

But when I try https://webserver<Ip Address>/certsrv, in the last step while requesting the certificate the following error appears... Can anyone help to resolve this?

[Image: screenshot of the error]
ASKER CERTIFIED SOLUTION
Dave Baldwin

This solution is only available to members.

Azarudeen Mohamed

ASKER

But when I type https://issuingca(ipaddress), it is working fine.

So now I need to configure this certificate console for external access in the load balancer. So how do I proceed with this? After configuring, I cannot request certificates. I'm facing the same issue.

Rich Weissler

> "then it is working fine"

When you say, 'it is working fine'... you don't receive a certificate error on the webpage? (Yes, it will likely connect if you bypass the warning, but I suspect you're still getting a certificate warning.) Don't know for certain if it'll work, but I suspect you'll need to replace the certificate on the CA webpage with a certificate with a Subject Alternate Name which includes the CA server ip address. (And I don't know for certain if you can replace that certificate without causing an issue. :-( No lab machine handy to test.)

Hi Rich, thanks for checking on this,

The issue was completely different, and I guess you thought we are facing a certificate error while accessing the URL.

But the original issue is: when I try to access https://webservername/certsrv, I can request and download certificates.

When I try https://webserver<IP>/certsrv, I can view the website and everything is working until I click the submit button on the certificate request. Once the submit button is clicked, I'm facing the RPC error (screenshot attached in the question of this thread).

I have verified some TechNet articles and I have come to know that SPN can only work on hostnames or FQDNs and not on IP addresses. Is it true? Can you confirm based on your knowledge?

The link below tells the same concept but in a different issue:
https://support.microsoft.com/en-ca/help/322979/kerberos-is-not-used-when-you-connect-to-smb-shares-by-using-ip-addres
SOLUTION
This solution is only available to members.

No problem, thanks mate.. :)

I'm closing this question as I have opened a new thread for this continuation

https://www.experts-exchange.com/questions/29059231/SPN-Deligation-for-IP-address-is-possible-GMSA.html