Mismatched Address certificate error - HTTPS localhost IIS

In this post, I describe how to use HTTPS with SSL on a local IIS development environment without the Mismatched Address certificate error:

Screenshot showing mismatched address certificate error

Cause

This error can occur when you use Create Self-Signed Certificate in IIS. The error says "Mismatched Address" and that the server cannot prove that it is the host named in the address.


Resolution

To resolve the issue, you can use the PowerShell cmdlet New-SelfSignedCertificate to create the certificates.

The following PowerShell code will create the root certificate, then create the SSL certificate signed by the root certificate, then import the root certificate into the Trusted Root Certification Authorities store:

# Create the root certificate and store its thumbprint in a variable
$thumb = (New-SelfSignedCertificate -Type "Custom" -KeyExportPolicy "Exportable" -Subject "ROOT" -CertStoreLocation "Cert:\LocalMachine\My" -KeySpec "Signature" -KeyUsage "CertSign" -NotAfter (Get-Date).AddDays(10000)).Thumbprint

# Create the SSL certificate, signed by the root certificate identified by its thumbprint
New-SelfSignedCertificate -Type "Custom" -KeyExportPolicy "Exportable" -Subject "CN=localhost" -DnsName "localhost" -CertStoreLocation "Cert:\LocalMachine\My" -KeySpec "KeyExchange" -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2") -Signer "Cert:\LocalMachine\My\$thumb" -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" -NotAfter (Get-Date).AddDays(10000)

# You can't create the root certificate directly in the Trusted Root Certification Authorities store, so export it to a file
Export-Certificate -Cert "Cert:\LocalMachine\My\$thumb" -FilePath c:\localhost.cer

# Then import it into the Trusted Root Certification Authorities store
Import-Certificate -CertStoreLocation Cert:\LocalMachine\Root\ -FilePath c:\localhost.cer


Once created, you can then use the SSL certificate in your https binding in IIS:

Screenshot showing an https site binding in IIS with an SSL certificate

Internet Explorer 11 will now open the HTTPS address without an error:

Screenshot of an HTTPS address open in a browser without an error

Note: You will still get an "ERR_CERT_WEAK_SIGNATURE_ALGORITHM" error in Chrome.

EDIT: I've created a follow-up post describing how to create a self-signed certificate that does not cause the error NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM
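To confirm what the script produced, the following check (an added example, not part of the original post) reads the SSL certificate back from Cert:\LocalMachine\My and reports the names a browser matches against the address, the signature hash (Chrome raises ERR_CERT_WEAK_SIGNATURE_ALGORITHM for certificates signed with SHA-1 or MD5), and whether the chain ends in a root present in Trusted Root Certification Authorities. It assumes the "CN=localhost" subject used above; the variable names are illustrative.

```powershell
# Added example: read back the certificates created by the script on this page.
# Assumption: the SSL certificate has the subject "CN=localhost" used above.
$hostName = 'localhost'

# Pick the newest matching certificate in case the script was run more than once.
$leaf = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq "CN=$hostName" } |
    Sort-Object NotBefore -Descending |
    Select-Object -First 1
if (-not $leaf) { throw "No certificate with subject CN=$hostName in Cert:\LocalMachine\My" }

# Name check: a mismatched-address error means the requested host is not
# among the DNS names carried by the certificate.
$dnsNames = @($leaf.DnsNameList | ForEach-Object { $_.Unicode })

# Build the chain without revocation checks (a local root publishes no CRL).
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode =
    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$chainOk = $chain.Build($leaf)
$root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

# Signature hash used by the issuer when signing the SSL certificate.
$sigAlg = $leaf.SignatureAlgorithm.FriendlyName

[pscustomobject]@{
    Thumbprint         = $leaf.Thumbprint
    DnsNames           = $dnsNames -join ', '
    HostNameMatches    = $dnsNames -contains $hostName
    ServerAuthEku      = @($leaf.EnhancedKeyUsageList.ObjectId) -contains '1.3.6.1.5.5.7.3.1'
    SignatureAlgorithm = $sigAlg
    WeakSignatureHash  = $sigAlg -match 'sha1|md5'
    Issuer             = $leaf.Issuer
    ChainBuilds        = $chainOk
    ChainStatus        = ($chain.ChainStatus.Status -join ', ')
    RootInTrustedStore = Test-Path "Cert:\LocalMachine\Root\$($root.Thumbprint)"
} | Format-List
```

HostNameMatches set to False corresponds to the mismatched-address error, and WeakSignatureHash set to True corresponds to the Chrome error noted above.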


Comments

  1. Greetings! Your script worked successfully but unfortunately with no result..
    Are there any other steps we need to do? Do You use IE to import this certificate to trusted store?

    1. Hi Rockie, thanks for your comment. Did you select the SSL certificate in the https binding in IIS?

  2. Ok, thank You much Howard for the PS script!

    - uploaded Your certificate to "Security"-> "Manage trust" in CA
    - used this video (on 7-th minute https://youtu.be/zB4fYkfWcAw?t=423 ) to add this certificate to Trusted Root Cert. Authorities in Group Policies
    - restarted WFE

    Now it works for old IE but edge and chrome still give error NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM (Yes You are right)
    Don't You have an idea how to avoid this warning? In old videos there was no such error but looks like browsers have strengthened security..


    Best regards, Gennady

    1. No problem, happy to help. I didn't investigate any further as I didn't need to remove the error in Chrome or Edge. Please do comment again if you find a way to remove the error in modern browsers!

    2. Hi Howard!

      Not 100% sure but looks like this method worked for me (for Chrome and Edge):
      https://stackoverflow.com/a/15076602/348736

      The error disappeared but now it started to ask credentials for every new session :)

      In a nutshell they export existing certificate in P7b format, and then import it again and restart Chrome..

      Thank You again for sharing script (I changed 'localhost' to my portal name everywhere).

      Best regards, Gennady

    3. Hi Gennady,

      Thanks for the link and information.

      Regards,
      Howard

    4. I've created a follow up post describing how to create a self-signed certificate that does not cause the error NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM

      https://howardsimpson.blogspot.com/2023/10/err-cert-weak-signature-algorithm-iis-self-signed-ssl-certificate.html

    5. Hi Howard!
      Thank You!) I added Your link to notes

      Best regards, Gennady

