SSL certificate problem when attempting to access company Public Website from internal company PC - same domain space

My company uses the same domain internally and externally. The internal Windows domain is and the company’s public website is

A WWW A record on the internal Windows DNS server points to the public IP of the hosting server to allow staff to access the public website.

Both internal and external users can access HTTPS:\\

However, when internal clients try to access https:\\\wp-conten\ a certificate error occurs – NET::ERR_CERT_AUTHORITY_INVALID (External users do not have this problem).

If I change an internal PC to use  DNS (Google DNS) all works fine.

I think this is related to resolving to an internal private IP when accessed from an internal PC and resolving to the public IP of the hosting server when accessed from an external PC.

Attached are the certificates returned when accessed internally and externally.
ADJ WorldSysAdminAsked:

It seems that wherever you are accessing the web site internally, your web site's public certificate is replaced with some firewall / proxy or, moreover, the actual hostname of the server.

Can you check, when internal users access the web site and get errors, what URL you see in the web browser?
ADJ WorldSysAdminAuthor Commented:
Sorry, https doesn't work at all internally -  Internally OK - SSL cert error

(both URLs work fine externally)

The URL internal users see is when the SSL error.  

Internally resolves to the Public IP of the Host while resolves to a company domain controller.
Ashok DewanFreelancerCommented:
The issue could be like this. A few months ago, I created a website and also certificates to provide security via SSL.
I created the website below.
Example:

When I accessed the above website with ->> everything was fine.
But when I accessed the above website with ->> I got an SSL error.

Then I captured traffic with Wireshark to learn why I do not receive an error in both cases when I open and
Solution: in Facebook's public key, they added their subdomain names as "Subject Alternative Name" such as, etc.
If I open with any name or without WWW then I don't receive an error.
Ashok DewanFreelancerCommented:
Sorry, but maybe in your case the ROOT CAUSE could be different.

To correct my error, I added * and in "Subject Alt Names" in certificates
How many IPs do you have on the web server internally?
Also, how many www records do you have in internal DNS pointing to
From the website certificate bindings, ensure that you have only one binding for 80 and one binding for 443.
The rest of the bindings should be removed, and only a single IP should be bound to the public cert for SSL traffic.
It sounds like the web server has multiple IPs and a self-signed server cert is bound to one of those IPs, and when the www URL resolves to that IP, it gets a cert error.
You will also get an error when you enter "" as it will resolve to the DC?
Your test of using Google IPs was on the right path, but you tested the wrong thing
What you need to do is run nslookup of each of the hostnames using internal name servers recording where it points.
Then look on the internal system to which these names resolve, and make sure the same certificates are installed.

The other option, while using the internal DNS, access and view the certificate that is presented.

Sounds as though you have one site being accessed from the inside (points to an internal ip) while the external access points to a public ip that lands on a different system or hits the public hosted site elsewhere.

This is common when the AD uses a public domain, I.e. versus mydomain.local or private......

ADJ WorldSysAdminAuthor Commented:
Thanks for the responses. The issue ended up being easy and I don't know how I didn't spot it to begin with.

The internal DNS was resolving directly to the Public IP of the hosting server, while Internet DNS was resolving to a security proxy service called CloudFlare. CloudFlare provided the SSL encryption to the browser but actually connects to the hosting server, which uses a self-signed certificate - CloudFlare 'ignores' the CA warning.
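
The check the thread converges on (record the IP each DNS view returns, then look at the certificate served at each IP), written out as an added example that is not part of the original posts. The function names, result labels and sample observations are assumptions made for illustration; the IPs are documentation-range placeholders.

```python
import socket
import ssl

# Constructed sample observations (documentation-range IPs), not values from the thread.
SAMPLE_INTERNAL = {"ip": "203.0.113.10", "trusted": False, "detail": "self-signed certificate"}
SAMPLE_EXTERNAL = {"ip": "198.51.100.20", "trusted": True, "detail": "Example Proxy CA"}

def probe(ip, hostname, port=443, timeout=5):
    """Connect to one specific IP, send `hostname` as SNI, and validate like a browser."""
    ctx = ssl.create_default_context()  # system trust store, hostname checking enabled
    try:
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                # issuer is a tuple of RDNs, each a tuple of (name, value) pairs
                issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
        who = issuer.get("organizationName") or issuer.get("commonName", "unknown")
        return {"ip": ip, "trusted": True, "detail": who}
    except ssl.SSLCertVerificationError as exc:  # chain or hostname validation failed
        return {"ip": ip, "trusted": False, "detail": exc.verify_message}
    except OSError as exc:  # refused, timed out, other TLS failure
        return {"ip": ip, "trusted": None, "detail": str(exc)}

def diagnose(internal, external):
    """Compare what internal-DNS clients and public-DNS clients are actually served."""
    if internal["ip"] == external["ip"]:
        return "same-endpoint"  # DNS views agree; look elsewhere
    if None in (internal["trusted"], external["trusted"]):
        return "inconclusive"  # one endpoint could not be reached
    if external["trusted"] and not internal["trusted"]:
        return "split-dns-untrusted-internal"  # the situation in this thread
    if internal["trusted"] and external["trusted"]:
        return "split-dns-both-trusted"
    return "external-untrusted"

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 4:  # usage: script.py HOSTNAME INTERNAL_IP EXTERNAL_IP
        host, int_ip, ext_ip = sys.argv[1:]
        seen_in, seen_out = probe(int_ip, host), probe(ext_ip, host)
    else:  # no arguments: fall back to the constructed samples
        seen_in, seen_out = SAMPLE_INTERNAL, SAMPLE_EXTERNAL
    print(seen_in, seen_out, diagnose(seen_in, seen_out), sep="\n")
```

The two IPs are whatever `nslookup` returns for the hostname from the internal name server and from a public resolver; pinning the connection to each IP keeps the local DNS view out of the comparison.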
