
SSL Certificates signed by our CA show as invalid in browser

Çağlar Arlı


We're experiencing an issue, where SSL server-certificates issued by our own internal PKI will show as invalid in the browser, when accessing the site.

The error is NET::ERR_CERT_INVALID (tested in Edge and Chrome). IE shows Mismatched Address, which is peculiar since it does in fact match. We have also tested in Firefox, where we get a SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED. We will test using a different signature algorithm in the meantime, but were under the impression that the one we currently have (stated below) should work.

The certificate is bound to HTTPS (443) in IIS.

Subject is the hostname of the webserver, either hostname.domain.component.com or CN=hostname,DC=Domain,DC=Component,DC=com. Subject Alternative Names are: DNS Name=hostname, DNS Name=hostname.domain.component.com. With any combination of these we receive NET::ERR_CERT_INVALID. No errors regarding CA or Address Mismatch show in Edge or Chrome.

More details are:

  • Version: V3
  • Signature Algorithm: specifiedECDSA
  • Signature hash algorithm: sha384
  • Public Key: RSA (2048 Bits)
  • Enhanced Key Usage: Server Authentication (1.3.6.1.5.5.7.3.1)
  • Application Policies: [1]Application Certificate Policy: Policy Identifier=Server Authentication
  • Key Usage: Digital Signature, Key Encipherment (a0)

Valid from and to dates are correct and the certificate is valid according to these.

We create the certificates by submitting a request to the Windows Server PKI in the certificate manager. The server version for the PKI is Windows Server 2012 R2.

Any advice on what we might be missing is greatly appreciated, thanks!
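A diagnostic check to go with the details above, added here and not code from the question or the asker: it reads the outer signatureAlgorithm OID out of a DER-encoded certificate with only the standard library and flags the Windows "specifiedECDSA" encoding (OID 1.2.840.10045.4.3), which mainstream browsers do not recognise as a signature algorithm, as opposed to ecdsa-with-SHA384 (1.2.840.10045.4.3.3), which they do. The two sample certificates are constructed shells (empty TBS and signature), not real certificates; for a real check, pass the bytes of the exported DER file to check_signature_algorithm.

```python
# Added check (stdlib only): extract the outer signatureAlgorithm OID of a DER X.509
# certificate and flag the Windows "specifiedECDSA" OID, which browsers reject.
KNOWN_SIG_OIDS = {
    "1.2.840.10045.4.3": "specifiedECDSA (ecdsa-with-Specified): rejected by browsers",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
    "1.2.840.10045.4.3.3": "ecdsa-with-SHA384",
}

def _read_tlv(buf, pos):
    """Parse one DER TLV at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def _decode_oid(raw):
    """Decode OID content octets: first two arcs packed, remaining arcs base-128."""
    arcs, val = [raw[0] // 40, raw[0] % 40], 0  # correct for 0.x / 1.x arcs
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def signature_algorithm_oid(der):
    """Return the dotted OID in the certificate's outer signatureAlgorithm field."""
    tag, pos, _ = _read_tlv(der, 0)               # Certificate ::= SEQUENCE
    assert tag == 0x30, "not a DER SEQUENCE"
    _, _, tbs_end = _read_tlv(der, pos)           # tbsCertificate, skipped
    tag, alg_start, _ = _read_tlv(der, tbs_end)   # signatureAlgorithm
    assert tag == 0x30, "signatureAlgorithm is not a SEQUENCE"
    tag, oid_start, oid_end = _read_tlv(der, alg_start)
    assert tag == 0x06, "expected OBJECT IDENTIFIER"
    return _decode_oid(der[oid_start:oid_end])

def check_signature_algorithm(der):
    """Return (oid, description, browser_ok); browser_ok is False for specifiedECDSA."""
    oid = signature_algorithm_oid(der)
    return oid, KNOWN_SIG_OIDS.get(oid, "unknown"), oid != "1.2.840.10045.4.3"

def _der(tag, body):  # short-form DER TLV encoder, only for the constructed samples
    return bytes([tag, len(body)]) + body

def sample_cert(oid_content):  # constructed Certificate shell, not a real certificate
    alg = _der(0x30, _der(0x06, oid_content))
    return _der(0x30, _der(0x30, b"") + alg + _der(0x03, b"\x00"))

SPECIFIED_ECDSA = sample_cert(bytes.fromhex("2A8648CE3D0403"))   # 1.2.840.10045.4.3
ECDSA_SHA384 = sample_cert(bytes.fromhex("2A8648CE3D040303"))    # 1.2.840.10045.4.3.3
```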