Posted Tue, 22 Jun 2021 14:11:49 GMT by Darrell Yaw Support Specialist
I'm trying to get our customer's ahead of the change coming in Chrome next month.  I followed the instructions referenced by DocuWare Tech Support about creating a self-signed certificate from Sophos.  I am able to use https to login to the web client, but Chrome still reports the site as 'not secure'
Posted Tue, 22 Jun 2021 14:26:22 GMT by Gilles Sauvagnat Altexence
Hi Darrell
My advise; do not use self-signed certificate !
Regards
Gilles
Posted Wed, 23 Jun 2021 12:55:19 GMT by Craig Heintz SE
I agree with Gilles.  However, if you must, you have create a self signed cert that includes the Subject Alternative Name (SAN) values for it to work.
Simply going to iis and creating a self signed cert does not work.
Posted Wed, 23 Jun 2021 13:18:35 GMT by Darrell Yaw Support Specialist
I found a PowerShell command that works for Server 2019, but will not work for 2012 R2, to create a self-signed certificate that worked.  Anybody have one that will work for 2012 R2?
Posted Wed, 23 Jun 2021 13:51:29 GMT by Darrell Yaw Support Specialist
Here's what happens to a test on Server 2016:

New-SelfSignedCertificate -Subject "localhost" -TextExtension @("2.5.29.17={text}DNS=localhost&IPAddress=127.0.0.1&IPAddress=::1")

New-SelfSignedCertificate : CertEnroll::CX509Enrollment::_CreateRequest: Access denied. 0x80090010 (-2146893808
NTE_PERM)
At line:1 char:1
+ New-SelfSignedCertificate -Subject "localhost" -TextExtension @("2.5. ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [New-SelfSignedCertificate], Exception
    + FullyQualifiedErrorId : System.Exception,Microsoft.CertificateServices.Commands.NewSelfSignedCertificateCommand
Posted Wed, 23 Jun 2021 14:20:09 GMT by Darrell Yaw Support Specialist

I forgot to run as administrator.

What is the usage of: Subject Alternative Name (SAN)?

You must be signed in to post in this forum.