Great video but I'm still having trouble... Everything seems ok from my CA machine's browser but from my client (Win10 pc) it shows as SSL_ERROR_BAD_CERT_DOMAIN. I've been looking under the Certificates Console and the CA certificate shows up under the Trusted Rooted Certification Autoritities. DNS resolution has also been check, not an issue. Still don't get it what happening... Suggestions? Thanks.
Thanks for great video, I have a small question. On the video, you showed the public key on this .cer file, how can we access the associated private key?
Hello i got this message while completing the certificate signing request " No certificate templates could be found. You do not have permission to request a certificate from this CA, or an error occurred while accessing the Active Directory. "
@@MSFTWebCast But windows server will pick only pfx cert only, right? and as you said in the process that will not create a private key, How do we get private key?
Understood everything until internet explorer where you add your server address. Tried many things but could not get it to go to the page as in the video.
I used Internet Explorer to access the web enrollment interface of the Internal (Local) certificate authority, by using /certsrv Note: To access certificate web enrollment page, you must have installed the CA web enrollment service on your server.
I want to install the SSL certificate on local IP like some web server (VMware-Esxi, vCenter console IP) can you share a separate video for its process
I follow your video, memeber web server can access only itself https without warning, but how make other domain clients can also access https without warning?
Did you check for certsrv virtual directory in IIS manager? Does the physical directory under C:\Windows\System32\CertSrv\En-US exists? The simple solution is: Uninstall and reinstall the certification authority web enrollment role. Keep in mind only CA web enrollment service.
I got the "Certificate Pending and that I have to wait for the administrator, even tho I am the administrator in my own lab. Anyone knows how can I confirm or allow it ?
If I wanted to add additional attributes for for SAN names or hostnames what is the format for that ? Is it just list the names separated by space or commas or something else ?
Google Chrome requires SSL certificates to use Subject Alternative Name (SAN) instead of the popular Common Name (CN). So you have to use SAN certificate.
well explained video. Can you tell me how we can add attributes like Subject alternative name and issuer Alternative Name as this is necessary to force chrome trust the certificate and stops displaying the red "Not secure" text? Thanks for your efforts
You can follow this video to create certificate with Subject Alternative Names: ua-cam.com/video/krd9ZsJCZ6s/v-deo.html If you are using self-signed certificate than import the certificate into trusted root certification authorities certificate store. In case, you are using internal Certification authority then import CA certificate into trusted root certification authorities certificate store. This will fix the "Not Secure" error.
I watched the other video, very useful and informative, however, after creating the SAN certificate, adding it to IIS, then on my dev win 10 machine, added the certificate to the trusted zone, nor chrome nor edge wants to accept it, still getting "Not secure" whereas certificates I have created in the past with XCA tool were accepted by chrome
@@MSFTWebCast each time my ad certificate server is giving in p7b form only and when I am completing the request using p7b on iis, it is not recognizing the key. Basically looking for pfx or cer. My organization has given me the url of ad certificate server, like you were generaing in the video. Your certificate is coming in .cer but mine is coming in p7b
Just amazing and your videos has improved a lot I'm watching you since long time and now you have become my guide
Awesome, thank you!
Amazing video series! Filled all the knowledge gaps I was missing to get this done
Great to hear!
You keep showing up in all the searches I do. Thank you so much for making these videos!
how did you get the website at 6:04?? I'm confused and stuck on that part
(1)
Great video but I'm still having trouble... Everything seems ok from my CA machine's browser but from my client (Win10 pc) it shows as SSL_ERROR_BAD_CERT_DOMAIN. I've been looking under the Certificates Console and the CA certificate shows up under the Trusted Rooted Certification Autoritities. DNS resolution has also been check, not an issue. Still don't get it what happening... Suggestions? Thanks.
Hello I have created a csr and got the signed cert to generate pfx file from the cer may I know the steps to follow
Thanks for great video, I have a small question. On the video, you showed the public key on this .cer file, how can we access the associated private key?
Followed your video steps working only on explorer other browser showing invalid certificate.please look into it
Great tutorial.
I have multiple domain controllers. How do I use a pfx certificate in such environment to get rid of "Not secure warning message" ?
What is the difference between what you are doing in this video and the last three videos? It gives the same result, doesn't it?
Unable to browse web server from member server. Please help
Very nicely done!! Thank you 🙏
Hello i got this message while completing the certificate signing request " No certificate templates could be found. You do not have permission to request a certificate from this CA, or an error occurred while accessing the Active Directory. "
Which format SSL cert for Windows servers?
.cer format.
@@MSFTWebCast But windows server will pick only pfx cert only, right?
and as you said in the process that will not create a private key, How do we get private key?
@@venkateshm6040 Hello, could you please provide more details about what you're trying to accomplish?
@@MSFTWebCast I want to place DIGICERT in Windows server, the cert need private key, how to generate a private key to import pfx cert?
Understood everything until internet explorer where you add your server address. Tried many things but could not get it to go to the page as in the video.
I used Internet Explorer to access the web enrollment interface of the Internal (Local) certificate authority, by using /certsrv
Note: To access certificate web enrollment page, you must have installed the CA web enrollment service on your server.
Can you please let me know how can i create csr for 3 yrs expiry and how can i mention 3 yrs validity in that certificate
I want to install the SSL certificate on local IP like some web server (VMware-Esxi, vCenter console IP) can you share a separate video for its process
Why you want to install certificate with IP? You can use subject alternative name (SAN) option in certificate to add IPs.
I follow your video, memeber web server can access only itself https without warning, but how make other domain clients can also access https without warning?
1. Distribute root CA certificate group policy or 2. Configure Group Policy to Auto-enroll and Deploy Certificates.
Does web server join domain
In this video, the web server is joined to the Active Directory domain.
can i generate CSR certificate on IIS to use for another webserver?
You can generate the CSR from any server you like.
Hello when I add "certsrv" to URL it doesn't get me the authentication instead it give me an error 404 this as minute 6.01
Did you check for certsrv virtual directory in IIS manager? Does the physical directory under C:\Windows\System32\CertSrv\En-US exists?
The simple solution is: Uninstall and reinstall the certification authority web enrollment role. Keep in mind only CA web enrollment service.
Were you ever able to figure this out?? It's not making sense
this was informative. thank you brother.
Do we need to be connected to internet for this to work ?
No, it will perfectly fine with local network.
Too good explanation. Very much helpful. Many Thanks
I got the "Certificate Pending and that I have to wait for the administrator, even tho I am the administrator in my own lab. Anyone knows how can I confirm or allow it ?
Open Certification Authority on your CA. Expand Local CA name and click on Pending Requests. Select the requested certificate and approve it.
If I wanted to add additional attributes for for SAN names or hostnames what is the format for that ? Is it just list the names separated by space or commas or something else ?
Please refer this video: ua-cam.com/video/krd9ZsJCZ6s/v-deo.html
Why don't you release subtitles.
Hi, this is the old video, I have started to add hard-coded subtitles in all the newer videos. Will try to add the subtitle in older videos too.
@@MSFTWebCast Thank you very much.
it does not work on chrome
Google Chrome requires SSL certificates to use Subject Alternative Name (SAN) instead of the popular Common Name (CN). So you have to use SAN certificate.
Thank you so much, just what I needed.
Very Fruitful, Terima Kasih Banyak
Thank You too.
well explained video. Can you tell me how we can add attributes like Subject alternative name and issuer Alternative Name as this is necessary to force chrome trust the certificate and stops displaying the red "Not secure" text? Thanks for your efforts
You can follow this video to create certificate with Subject Alternative Names: ua-cam.com/video/krd9ZsJCZ6s/v-deo.html
If you are using self-signed certificate than import the certificate into trusted root certification authorities certificate store. In case, you are using internal Certification authority then import CA certificate into trusted root certification authorities certificate store. This will fix the "Not Secure" error.
@@MSFTWebCast with Chrome it is not sufficient import CA certificate into trusted root, certificate should have SAN DNS name
I watched the other video, very useful and informative, however, after creating the SAN certificate, adding it to IIS, then on my dev win 10 machine, added the certificate to the trusted zone, nor chrome nor edge wants to accept it, still getting "Not secure" whereas certificates I have created in the past with XCA tool were accepted by chrome
@@eliassal1 Can you mail me the screenshot of certificate with names and the error as well. You can find my email address on about tab (Channel Page).
@@MSFTWebCast Email sent with screenshots
another great and well explained video, thank you
Awesome video ,please kindly do how to install certificate on the server after downloading
Almost ok. But some steps are missed. And clarity missed.
Can you tell me more about the missing steps, so I could include those while re-creating the video with windows 11.
my certificate came in the form of p7b, how to convert to .cer ?
Why dont you export the certificate again with .cer format? Yes, there are ways to convert it using some SSL converter tool but I have never tried it.
@@MSFTWebCast each time my ad certificate server is giving in p7b form only and when I am completing the request using p7b on iis, it is not recognizing the key. Basically looking for pfx or cer. My organization has given me the url of ad certificate server, like you were generaing in the video. Your certificate is coming in .cer but mine is coming in p7b
Did you ever figure this out?
enable CC please
Спасибо! Все очень понятно объясняете. Круто!
Very well done Sir!
Thank you!
this video deserves 1m like
Thanks for the video
Great English! I learned something new watching your video :)
Why didn't your comment get upvotes?????
instant new subscriber
Awesome, thank you!
thank you
Great video, thank you!
Well explained video.
super ,
Спасибо
good
😘😘😘😘😘💜💙💙💚