cmdolcet asked:

Accessing Company website from inside our Network is marked unsafe

Having issues with our company website being viewed inside our network. We switched over to use SSL (HTTPS), and every time I navigate to the webpage from inside our company network I get the "Not Secure" icon in the browser field, and when I click on it, it says the certificate is invalid.

What could be causing this?

Any ideas? Could it be a setting inside our IIS?

Thanks in advance
masnrock

What happens when you try to access from outside of the network?

Also, when you try to access the site from inside the network, are you going directly to the internal IP address?
cmdolcet (ASKER)

From outside the network it's fine. No issues at all, no warning that the site is not safe. I believe the SSL certificate works correctly.

I am typing the web address and not the IP address
ASKER CERTIFIED SOLUTION
masnrock

This solution is only available to members.
I am typing the web address and not the IP address

Do you use exactly the same URL to access the site from inside and outside?
DrDave....

Yes I do
Please answer
Do a nslookup from inside of the network. Is the result the public or private IP address of the server?
OK, it gives me two IP addresses, both of which I type directly into the browser with the https:// and both give me the same result. The alias only has the company address name.
Are the two addresses you get public or private?
Those are public IP addresses, sorry.
Does doing nslookup from an outside system produce the same results?

Have you viewed the certificate in your browser? Does anything look different than what it should?
When I'm looking at it from the outside it gives me a different public IP address.
It also has the SSL name in the name field, which is different from the one in nslookup when I do it inside our network.
So it seems that the Name section of the nslookup response and the address are both different when comparing inside the network versus outside the network.

How can I update the SSL then at this point? Do I need to create a new CSR record inside my IIS?
Why are you getting different results from the outside? You may want to look into that.
Well, the difference is that the SSL certificate from outside the network is the correct SSL certificate and the internal one is the old non-SSL certificate, and that is the issue, I believe. So the question is, where do I go to update that?
When accessing from the "outside" do you go directly to the IIS server or is there a load balancer that might be offloading SSL?

When you access from inside is the host name on the certificate the same as the host name you are typing in?
Accessing from the outside we would go through our IIS server.

No, the host names are different.
Well, the difference is that the SSL certificate from outside the network is the correct SSL certificate and the internal one is the old non-SSL certificate, and that is the issue, I believe. So the question is, where do I go to update that?
Remember that you said that the IP addresses you're getting as results are different based on whether you're inside or outside of the network.

Do you use exactly the same URL to access the site from inside and outside?
I know you've answered yes to this. Is there an entry for this site in your internal DNS? If so, what happens if you take it out?
masnrock,

Checking in the DNS, yes, there is one in the Forward Lookup Zones. It is pointing to a public address that does not match the nslookup result either inside the network or outside the network.

What should I change it to?
Hi,
You need to use the same hostname both inside and outside.
Get your DNS internally to use the same hostname as the external and point it to the internal IIS IP and let us know how that works.
OK inside the DNS Forward Lookup Zones I changed the Alias (CNAME) to match the Name returned in the outside the network nslookup. Do I need to change the IP address to match?
You can either use the IP you get externally or use the internal IP of your IIS.
Test with either.
I tried both and neither worked with the new IP address.
When you ping the hostname, which IP does it show?
If it doesn't show the one you set on your DNS, open a cmd on your PC and run "ipconfig /flushdns".
See if after that the correct IP is listed and test the website again.
Guessing tends to increase time to debug.

Publish your public URL as a starting point.
You say it is not trusted when on the internal network. What you need to do is look at the certificate and compare what your browser is getting and what it is expecting. You may have to add a Subject Alternative Name to your certificate.
Yaku Kakashi

You should check your SSL to find what errors you may get. It may be a problem with the SSL...
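
The checks suggested in this thread (compare what nslookup returns inside and outside the network, then compare the host name on the certificate each address serves with the name typed into the browser), as an added Python example that is not part of the original thread. The host name, addresses and certificates are constructed placeholders; `check_endpoint` does the live check, and `offline_checker` stands in for it on the sample data.

```python
import socket
import ssl

def san_matches(hostname, cert):
    """True if hostname is covered by the DNS names in cert (getpeercert() dict shape)."""
    host = hostname.lower().rstrip(".")
    for kind, name in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        name = name.lower()
        # A wildcard covers exactly one left-most label: *.example.test matches www.example.test only.
        wildcard = name.startswith("*.") and name[2:] and host.partition(".")[2] == name[2:]
        if name == host or wildcard:
            return True
    return False

def check_endpoint(hostname, ip, port=443, timeout=5.0):
    """Verified TLS handshake to one IP, asking for hostname via SNI. Returns (ok, detail)."""
    ctx = ssl.create_default_context()  # verifies the chain and the host name
    try:
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname):
                return True, "certificate verified for " + hostname
    except ssl.SSLCertVerificationError as exc:
        return False, exc.verify_message  # e.g. a host name mismatch
    except OSError as exc:
        return False, f"connection failed: {exc}"

def diagnose(hostname, views, checker=check_endpoint):
    """views maps a label ('inside', 'outside') to the IPs nslookup returned there."""
    report = {}
    for ip in sorted({ip for ips in views.values() for ip in ips}):
        ok, detail = checker(hostname, ip)
        seen_from = sorted(label for label, ips in views.items() if ip in ips)
        report[ip] = {"seen_from": seen_from, "cert_ok": ok, "detail": detail}
    return report

# Constructed sample data (documentation addresses and names, not values from the thread).
SAMPLE_CERTS = {
    "192.0.2.10": {"subjectAltName": (("DNS", "oldsite.example.test"),)},
    "198.51.100.20": {"subjectAltName": (("DNS", "www.example.test"),)},
}
SAMPLE_VIEWS = {"inside": ["192.0.2.10"], "outside": ["198.51.100.20"]}

def offline_checker(hostname, ip):
    return san_matches(hostname, SAMPLE_CERTS[ip]), "constructed certificate"

if __name__ == "__main__":
    for ip, row in diagnose("www.example.test", SAMPLE_VIEWS, offline_checker).items():
        print(ip, row)
```

For a live run, call `diagnose` with the real host name and the address lists from each nslookup, leaving `checker` at its default.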