Need help with creating SSL certificate

Posted Tue, 22 Jun 2021 14:11:49 GMT by Darrell Yaw Support Specialist

I'm trying to get our customer's ahead of the change coming in Chrome next month. I followed the instructions referenced by DocuWare Tech Support about creating a self-signed certificate from Sophos. I am able to use https to login to the web client, but Chrome still reports the site as 'not secure'

Posted Tue, 22 Jun 2021 14:26:22 GMT by Gilles Sauvagnat Altexence Président

Hi Darrell
My advise; do not use self-signed certificate !
Regards
Gilles

Posted Wed, 23 Jun 2021 12:55:19 GMT by Craig Heintz SE

I agree with Gilles. However, if you must, you have create a self signed cert that includes the Subject Alternative Name (SAN) values for it to work.
Simply going to iis and creating a self signed cert does not work.

Posted Wed, 23 Jun 2021 13:18:35 GMT by Darrell Yaw Support Specialist

I found a PowerShell command that works for Server 2019, but will not work for 2012 R2, to create a self-signed certificate that worked. Anybody have one that will work for 2012 R2?

Posted Wed, 23 Jun 2021 13:51:29 GMT by Darrell Yaw Support Specialist

Here's what happens to a test on Server 2016:

New-SelfSignedCertificate -Subject "localhost" -TextExtension @("2.5.29.17={text}DNS=localhost&IPAddress=127.0.0.1&IPAddress=::1")

New-SelfSignedCertificate : CertEnroll::CX509Enrollment::_CreateRequest: Access denied. 0x80090010 (-2146893808
NTE_PERM)
At line:1 char:1
+ New-SelfSignedCertificate -Subject "localhost" -TextExtension @("2.5. ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-SelfSignedCertificate], Exception
+ FullyQualifiedErrorId : System.Exception,Microsoft.CertificateServices.Commands.NewSelfSignedCertificateCommand

Posted Wed, 23 Jun 2021 14:20:09 GMT by Darrell Yaw Support Specialist

I forgot to run as administrator.

What is the usage of: Subject Alternative Name (SAN)?

Get Help