We help IT Professionals succeed at work.

Accessing Company website from inside our Network is marked unsafe

Having issues with our company website being viewed inside our network. We switched over to use the SSL (HTTPS) and every time I navigate with inside our company network to the webpage I get the "Not Secure" icon in the browser field and when I click on it it says the certificate is invalid.

What could be causing this?

Any ideas? Could it be a setting inside our IIS ?

Thanks in advance
Comment
Watch Question

Distinguished Expert 2019

Commented:
What happens when you try to access from outside of the network?

Also, when you try to access the site from inside the network, are you going directly to the internal IP address?

Author

Commented:
From outside the Network its fine. No issues at all no warning that the site is not safe. I believe the SSL certificate works correctly.

I am typing the web address and not the IP address
Distinguished Expert 2019
Commented:
I am typing the web address and not the IP address
Do a nslookup from inside of the network. Is the result the public or private IP address of the server?

Also look at the certificate errors you're getting. Let us know what those are.
DrDave242Principal Support Engineer

Commented:
I am typing the web address and not the IP address

Do you use exactly the same URL to access the site from inside and outside?

Author

Commented:
DrDave....

Yes I do
Shaun VermaakSenior Consultant
Awarded 2017
Distinguished Expert 2019

Commented:
Please answer
Do a nslookup from inside of the network. Is the result the public or private IP address of the server?

Author

Commented:
Ok it gives me two IP address - both of which I type directly into the browser with the https:// and it give me both the same result. the alias only has the company address name.
Distinguished Expert 2019

Commented:
Are the two addresses you get public or private?

Author

Commented:
those are public IP address sorry.
Distinguished Expert 2019

Commented:
Does doing nslookup from an outside system produce the same results?

Have you viewed the certificate in your browser? Does anything look different than what it should?

Author

Commented:
when I Im looking at it from the outside it give me a different public IP address.

Author

Commented:
It also has the ssl name in the name field that is different from the one nslookup when I do it inside our network

Author

Commented:
So it seems that the Name section of the nslookup response and the address are both different when compared to the inside the network versus outside the network.

how can I update the ssl then at this point. Do I need to create a new CSR record inside my IIS?
Distinguished Expert 2019

Commented:
Why are you getting different results from the outside? You may want to look into that.

Author

Commented:
Well the difference is that the SSL certificate from outside the network is the correct SSL certificate and the internal one is the old non-SLL certificate and that is the issue I believe so the question is where do I go to update that?
Top Expert 2014

Commented:
When accessing from the "outside" do you go directly to the IIS server or is there a load balancer that might be offloading SSL.

When you access from inside is the host name on the certificate the same as the host name you are typing in?

Author

Commented:
Accessing from the outside we would go through our IIS server.

No the host names are different.
Distinguished Expert 2019

Commented:
Well the difference is that the SSL certificate from outside the network is the correct SSL certificate and the internal one is the old non-SLL certificate and that is the issue I believe so the question is where do I go to update that?
Remember that you said that the IP addresses you're getting as results are different based on whether you're inside or outside of the network.

Do you use exactly the same URL to access the site from inside and outside?
I know you've answered yes to this. Is there an entry for this site in your internal DNS? If so, what happens if you take it out?

Author

Commented:
masnrock,

Checking in the DNS yes there is one in the forward lookup Zones. It is piint to a public address that does not match the nslookup in either inside the network or outside the network.

What should I change it to?
Edmond HawilaChief Operating Officer

Commented:
Hi,
You need to use the same hostname both inside and outside.
Get your DNS internally to use the same hostname as the external and point it to the internal IIS ip and let us know how that works.

Author

Commented:
OK inside the DNS Forward Lookup Zones I changed the Alias (CNAME) to match the Name returned in the outside the network nslookup. Do I need to change the IP address to match?
Edmond HawilaChief Operating Officer

Commented:
You can either use the ip you get externally or use the internal ip of your IIS.
Test with either.

Author

Commented:
I tried both and neither worked with the new IP address
Edmond HawilaChief Operating Officer

Commented:
when you ping the hostname which ip does it show?
if it doesn't show the one you set on your dns open a cmd on your pc and run "ipconfig /flushdns"
see if after that the correct ip is listed and test the website again.
David FavorFractional CTO
Distinguished Expert 2019

Commented:
Guessing tends to increase time to debug.

Publish your public URL as a starting point.
Distinguished Expert 2019

Commented:
You say it is not trusted when on the internal network.. what you need to do is look at the certificate and compare what your browser is getting and what it is expecting.  You may have to add a Subject Alternative Name to your certificate.
you should check your SSL for you to find what errors may get. may probkem with the SSL...