Link to home
Create AccountLog in
Avatar of Colin
ColinFlag for United States of America

asked on

Accessing Company website from inside our Network is marked unsafe

Having issues with our company website being viewed inside our network. We switched over to use the SSL (HTTPS) and every time I navigate with inside our company network to the webpage I get the "Not Secure" icon in the browser field and when I click on it it says the certificate is invalid.

What could be causing this?

Any ideas? Could it be a setting inside our IIS ?

Thanks in advance
Avatar of masnrock
masnrock
Flag of United States of America image

What happens when you try to access from outside of the network?

Also, when you try to access the site from inside the network, are you going directly to the internal IP address?
Avatar of Colin

ASKER

From outside the Network its fine. No issues at all no warning that the site is not safe. I believe the SSL certificate works correctly.

I am typing the web address and not the IP address
ASKER CERTIFIED SOLUTION
Avatar of masnrock
masnrock
Flag of United States of America image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
I am typing the web address and not the IP address

Do you use exactly the same URL to access the site from inside and outside?
Avatar of Colin

ASKER

DrDave....

Yes I do
Please answer
Do a nslookup from inside of the network. Is the result the public or private IP address of the server?
Avatar of Colin

ASKER

Ok it gives me two IP address - both of which I type directly into the browser with the https:// and it give me both the same result. the alias only has the company address name.
Are the two addresses you get public or private?
Avatar of Colin

ASKER

those are public IP address sorry.
Does doing nslookup from an outside system produce the same results?

Have you viewed the certificate in your browser? Does anything look different than what it should?
Avatar of Colin

ASKER

when I Im looking at it from the outside it give me a different public IP address.
Avatar of Colin

ASKER

It also has the ssl name in the name field that is different from the one nslookup when I do it inside our network
Avatar of Colin

ASKER

So it seems that the Name section of the nslookup response and the address are both different when compared to the inside the network versus outside the network.

how can I update the ssl then at this point. Do I need to create a new CSR record inside my IIS?
Why are you getting different results from the outside? You may want to look into that.
Avatar of Colin

ASKER

Well the difference is that the SSL certificate from outside the network is the correct SSL certificate and the internal one is the old non-SLL certificate and that is the issue I believe so the question is where do I go to update that?
When accessing from the "outside" do you go directly to the IIS server or is there a load balancer that might be offloading SSL.

When you access from inside is the host name on the certificate the same as the host name you are typing in?
Avatar of Colin

ASKER

Accessing from the outside we would go through our IIS server.

No the host names are different.
Well the difference is that the SSL certificate from outside the network is the correct SSL certificate and the internal one is the old non-SLL certificate and that is the issue I believe so the question is where do I go to update that?
Remember that you said that the IP addresses you're getting as results are different based on whether you're inside or outside of the network.

Do you use exactly the same URL to access the site from inside and outside?
I know you've answered yes to this. Is there an entry for this site in your internal DNS? If so, what happens if you take it out?
Avatar of Colin

ASKER

masnrock,

Checking in the DNS yes there is one in the forward lookup Zones. It is piint to a public address that does not match the nslookup in either inside the network or outside the network.

What should I change it to?
Hi,
You need to use the same hostname both inside and outside.
Get your DNS internally to use the same hostname as the external and point it to the internal IIS ip and let us know how that works.
Avatar of Colin

ASKER

OK inside the DNS Forward Lookup Zones I changed the Alias (CNAME) to match the Name returned in the outside the network nslookup. Do I need to change the IP address to match?
You can either use the ip you get externally or use the internal ip of your IIS.
Test with either.
Avatar of Colin

ASKER

I tried both and neither worked with the new IP address
when you ping the hostname which ip does it show?
if it doesn't show the one you set on your dns open a cmd on your pc and run "ipconfig /flushdns"
see if after that the correct ip is listed and test the website again.
Guessing tends to increase time to debug.

Publish your public URL as a starting point.
You say it is not trusted when on the internal network.. what you need to do is look at the certificate and compare what your browser is getting and what it is expecting.  You may have to add a Subject Alternative Name to your certificate.
Avatar of Yaku Kakashi
Yaku Kakashi

you should check your SSL for you to find what errors may get. may probkem with the SSL...