CSR to get Wildcard SSL from Domain CA

885
5
01-20-2022 05:59 AM
Taladi
by
New Contributor III

Hi All,

Created SSL by using powershell script in the belowURL for Azure VM multi machine deployment.
DomainRoot.cer & Hostname.pfx were generated, Imported these in IIS, Portal & Server SSL Certificates section of backend Admin URL's.
Even after that Chrome is still giving certificate warnings, IE & Edge are no warnings.

https://enterprise.arcgis.com/en/portal/latest/administer/windows/create-a-domain-certificate.htm

ArcGIS Enterprise Version: 10.8.1
Chrome Version: 97.0.4692.71

Looking for powershell script which will create a CSR to get Wildcard SSL from Domain CA for ArcGIS Enterprise 10.8 Multi machine deployment in Azure.
Any suggestions Please.

Tags (3)
0 Kudos
5 Replies
JakeSkinner
Esri Esteemed Contributor

@Taladi,

Does your certificate have a Subject Alternative Name?  Chrome requires SSL Certificates to list the site name(s) in the subject alternative name (SAN) to be trusted. Usage of common name only is not seen as secure enough, and will result in a certificate validation error in Chrome.

Taladi
by
New Contributor III

@JakeSkinner 

Thank you for your quick reply & Sorry for little late response.

Yes, Certificate is having valid Subject Alternative Name (SAN).
Please find attached screenshot for review. Any suggestions please.
Thanks in advance.

0 Kudos
JakeSkinner
Esri Esteemed Contributor

@Taladi is the SAN set to the DNS alias, or the Fully Qualified Domain Name of the server that's hosting the web adaptor?  

0 Kudos
Taladi
by
New Contributor III

@JakeSkinner 

Yes, SAN set to the Fully Qualified Domain Name of the server that's hosting the web adaptor.

0 Kudos
JoshuaBixby
MVP Esteemed Contributor

The error message tells you it isn't about common name, subject alternative names, or any other kind of name.  The error is for a weak signature algorithm.  You need to specify better settings for generating the cert.

0 Kudos