0

We have a Windows Server 2016 that we use as a web server hosted on premise and we host numerous web applications under the Default Web Site in IIS. All applications are reached by using the server name, only. There are no fully qualified domain names. I want to use an SSL certificate. I went to the Default Web Site bindings and selected the certified that we want to use. I receive the following error message in the browser when I navigate to https://servername/appname.

This server could not prove that it is SERVERNAME; its security certificate does not specify Subject Alternative Names. This may be caused by a misconfiguration or an attacker intercepting your connection.

What do I need to do to resolve this error?

tnk479
  • 101
  • 1
  • 3
  • 2
    It sounds like you are trying to run HTTPS on an internal LAN. You'll be hardpressed to find a CA that will issue a certificate to you with just a hostname in the CN or SAN field, and not a FQDN. See https://security.stackexchange.com/questions/121163/how-do-i-run-proper-https-on-an-internal-network for more info other options. – mti2935 Mar 23 '22 at 19:40
  • are you using internal CA or purchased certs from commercial CA? – Crypt32 Mar 24 '22 at 06:56
  • purchased cert. – tnk479 Mar 30 '22 at 17:25

0 Answers0