Paul,
As of November 1st 2015 you can't get a publicly trusted certificate issued from a major Certifying Authority (CA) like GoDaddy for an internal/intranet web address (i.e. localhost, something.local, etc.). It seems there are a number of alternatives but I would seek expert advice on them. However, my take on it is you can do the following (for Windows Systems..I'm not sure how it differs on other operating systems)
- IIS issue Self-Signed certificate and accept user warnings for each client accessing the website, manually add it to the trusted certificate store as necessary
- IIS Self-Signed certificate and trust that certificate via Group Policy for all clients in the intranet domain
- Setup own CA, trust that CA inside the intranet domain via Group Policy and sign own IIS Certificate Signing Requests (CSR)
- Use solution like GlobalSign IntranetSSL where it will sign your CSRs for you but it still requires you to trust that CA via your Group Policy for the intranet domain.
Regarding your issues:
Have the machines that these client browsers are on been programmed (through Group Policy or otherwise) to trust certificates issued by the internal Certifying Authority you are using? I.e. is your internal CA or the specific certificate you've created listed in the "Trusted Root Certification Authorities" for that machine and other machines in the Windows Domain?
You can usually easily access this info in Chrome Settings, Advanced, Privacy and Security, Manage Certificates and then look at Trusted Root Certification Authorities.
I suspect that the error will only occur if your certificate has not been trusted but it could also have been improperly configured.
Thanks
Ryan
EDIT - Some Resources for you:
Guide on distributing certificates to client computers by using Group Policy
Guide on setting up your own CA server as a trusted CA so that any Certificates it issues should be ...
Guide on trusting a self-signed certificate through Group Policy