• Sign in to Neowin Faster!

    Create an account on Neowin to contribute and support the site.

Sign in to follow this  

Can't get a bad Certificate out of the system & browsers

Recommended Posts

Mr. Black    38

Hello Gentlemen,

 

I am running into an issue where all the browsers, and the system itself, have an incorrect certificate for my site
(https://www.thejuicegrinder.com), with Chrome reporting ERR_CERT_COMMON_NAME_INVALID because it has a certificate stored for my mail servers for some reason when I enter the URL.

It has the bad certificate somewhere in the system, because if I try to access it programatically via vb.net I get a SSL error too.
 

I have cleared the cache in Chrome, Edge, etc. I have cleared SSL state, etc. etc. etc.
All the stuff that Googling suggests, I have done.

Of course, going to the site on other machines or a VM there is no problem.

 

Does anyone have any suggestions? I'm stumped.

Share this post


Link to post
Share on other sites
ITOps    40

You need to get a new certificate or a wildcard certificate that uses the right common name, if you did you may just need to replace the certificate being served for the domain server side with the proper one as it is probably sharing the mail certificate by default.  Or if you do have a certificate that does have the proper common name you need to insure it is tied to be served from that domain.  As it is showing as invalid for other machines too:

 

https://www.sslshopper.com/ssl-checker.html#hostname=https://www.thejuicegrinder.com

 

Certificate Issues:

https://www.ssllabs.com/ssltest/analyze.html?d=www.thejuicegrinder.com&s=23.254.129.10&latest

 

Or you may need to 

Share this post


Link to post
Share on other sites
Mr. Black    38

ITops;

 

TL;DR first reply.

That's what I cannot figure out - the certificate is properly installed in IIS, I have no idea why there is an issue.

You see that, but LOL, it works fine on other machines?

 

Your first link shows an issue, then the 2nd one says it's fine.


I'm totally confused - the cert people said it was fine, that shows it isn't, it don't work on my machine but does on others.

Edited by Mr. Black

Share this post


Link to post
Share on other sites
ITOps    40

For the site that SSL is binded to the IP of the site and the mail cert binded to the to others?  If so restart IIS and do a fresh openssl cert test from your host to see what is going on.

 

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc732443(v=ws.11)

 

In a worst case scenerio remove all the certificates and re-add them after restarting IIS.  More then likely something could be binded to it in memory.  If that doesn't work restart the physical server (Windows Fix).

Share this post


Link to post
Share on other sites
xendrome    5,360

IS the date/time/year correct on your workstation?

Share this post


Link to post
Share on other sites
Mr. Black    38

I'm not sure where the issue arose, but I changed IIS to "Use All Unassigned" and the issue stopped.
I also added Use Server Name Identification.
 

Was working fine before, so...
Doesn't matter, I'm transferring servers and will have enough IP's for them to truly be dedicated to one purpose (i.e. current is shared)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.