Accessing Company website from inside our Network is marked unsafe

Having issues with our company website being viewed inside our network. We switched over to use the SSL (HTTPS) and every time I navigate with inside our company network to the webpage I get the "Not Secure" icon in the browser field and when I click on it it says the certificate is invalid.

What could be causing this?

Any ideas? Could it be a setting inside our IIS ?

Thanks in advance
cmdolcetAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

masnrockCommented:
What happens when you try to access from outside of the network?

Also, when you try to access the site from inside the network, are you going directly to the internal IP address?
cmdolcetAuthor Commented:
From outside the Network its fine. No issues at all no warning that the site is not safe. I believe the SSL certificate works correctly.

I am typing the web address and not the IP address
masnrockCommented:
I am typing the web address and not the IP address
Do a nslookup from inside of the network. Is the result the public or private IP address of the server?

Also look at the certificate errors you're getting. Let us know what those are.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
The 7 Worst Nightmares of a Sysadmin

Fear not! To defend your business’ IT systems we’re going to shine a light on the seven most sinister terrors that haunt sysadmins. That way you can be sure there’s nothing in your stack waiting to go bump in the night.

DrDave242Senior Support EngineerCommented:
I am typing the web address and not the IP address

Do you use exactly the same URL to access the site from inside and outside?
cmdolcetAuthor Commented:
DrDave....

Yes I do
Shaun VermaakTechnical SpecialistCommented:
Please answer
Do a nslookup from inside of the network. Is the result the public or private IP address of the server?
cmdolcetAuthor Commented:
Ok it gives me two IP address - both of which I type directly into the browser with the https:// and it give me both the same result. the alias only has the company address name.
masnrockCommented:
Are the two addresses you get public or private?
cmdolcetAuthor Commented:
those are public IP address sorry.
masnrockCommented:
Does doing nslookup from an outside system produce the same results?

Have you viewed the certificate in your browser? Does anything look different than what it should?
cmdolcetAuthor Commented:
when I Im looking at it from the outside it give me a different public IP address.
cmdolcetAuthor Commented:
It also has the ssl name in the name field that is different from the one nslookup when I do it inside our network
cmdolcetAuthor Commented:
So it seems that the Name section of the nslookup response and the address are both different when compared to the inside the network versus outside the network.

how can I update the ssl then at this point. Do I need to create a new CSR record inside my IIS?
masnrockCommented:
Why are you getting different results from the outside? You may want to look into that.
cmdolcetAuthor Commented:
Well the difference is that the SSL certificate from outside the network is the correct SSL certificate and the internal one is the old non-SLL certificate and that is the issue I believe so the question is where do I go to update that?
giltjrCommented:
When accessing from the "outside" do you go directly to the IIS server or is there a load balancer that might be offloading SSL.

When you access from inside is the host name on the certificate the same as the host name you are typing in?
cmdolcetAuthor Commented:
Accessing from the outside we would go through our IIS server.

No the host names are different.
masnrockCommented:
Well the difference is that the SSL certificate from outside the network is the correct SSL certificate and the internal one is the old non-SLL certificate and that is the issue I believe so the question is where do I go to update that?
Remember that you said that the IP addresses you're getting as results are different based on whether you're inside or outside of the network.

Do you use exactly the same URL to access the site from inside and outside?
I know you've answered yes to this. Is there an entry for this site in your internal DNS? If so, what happens if you take it out?
cmdolcetAuthor Commented:
masnrock,

Checking in the DNS yes there is one in the forward lookup Zones. It is piint to a public address that does not match the nslookup in either inside the network or outside the network.

What should I change it to?
Edmond HawilaChief Operating OfficerCommented:
Hi,
You need to use the same hostname both inside and outside.
Get your DNS internally to use the same hostname as the external and point it to the internal IIS ip and let us know how that works.
cmdolcetAuthor Commented:
OK inside the DNS Forward Lookup Zones I changed the Alias (CNAME) to match the Name returned in the outside the network nslookup. Do I need to change the IP address to match?
Edmond HawilaChief Operating OfficerCommented:
You can either use the ip you get externally or use the internal ip of your IIS.
Test with either.
cmdolcetAuthor Commented:
I tried both and neither worked with the new IP address
Edmond HawilaChief Operating OfficerCommented:
when you ping the hostname which ip does it show?
if it doesn't show the one you set on your dns open a cmd on your pc and run "ipconfig /flushdns"
see if after that the correct ip is listed and test the website again.
David FavorLinux/LXD/WordPress/Hosting SavantCommented:
Guessing tends to increase time to debug.

Publish your public URL as a starting point.
David Johnson, CD, MVPOwnerCommented:
You say it is not trusted when on the internal network.. what you need to do is look at the certificate and compare what your browser is getting and what it is expecting.  You may have to add a Subject Alternative Name to your certificate.
Yaku KakashiCommented:
you should check your SSL for you to find what errors may get. may probkem with the SSL...
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
iis8

From novice to tech pro — start learning today.