Following on from my previous blog here, I had jumped through the Microsoft hoops to get my nice shiny gold padlock and green bar.
However all was not delivered as expected!
I found a fantastic post here, which explained it all. I had suspected it was down to how I was enrolling the certificate, but there is a bewildering array of options. It boils down to:
- Common Name (CN)
I also added in Locality and Street Name. Erm, because I can.
However, here I made a mistake. Some of the values have strict limitations, but these limitations are not presented to you in a user-friendly fashion. You can enter whatever you like; however, when you try to enroll the certificate, it just bombs out with the standard hexadecimal error code.
In this instance, it chucked out 0x80094001. The full error text:
Your Request Id is 0. The disposition message is “Error Parsing Request The request subject name is invalid or too long. 0x80094001 (-2146877439)”
Thankfully I am not alone in my abject noobness. This post here cleared it all up. The Country type will only support a two-character value. I had entered the full name. Oops. I amended the value to the internationally recognised character string and everything was just peachy.
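A pre-enrolment check for the mistake described above, as an added example that is not part of the original post. It assumes the issuing CA enforces the RFC 5280 Appendix A upper bounds (plus the X.520 bound for street address); the function name and the sample subjects are constructed for illustration.

```python
"""Pre-flight check of certificate subject attributes before enrolment."""
import re

# Upper bounds from RFC 5280 Appendix A; STREET uses the X.520 bound.
# Assumption: the issuing CA enforces these same limits.
MAX_LEN = {"CN": 64, "O": 64, "OU": 64, "L": 128, "ST": 128, "STREET": 128}

# Country must be exactly two letters (ISO 3166-1 alpha-2 shape only;
# this does not check that the code is actually assigned).
COUNTRY_RE = re.compile(r"[A-Z]{2}")


def check_subject(attrs):
    """Return a list of findings for (type, value) subject attributes."""
    findings = []
    for attr_type, value in attrs:
        key = attr_type.upper()
        if not value.strip():
            findings.append(f"{key}: empty value")
        elif key == "C":
            if not COUNTRY_RE.fullmatch(value):
                findings.append(f"C: {value!r} is not a two-letter country code")
        elif key in MAX_LEN:
            if len(value) > MAX_LEN[key]:
                findings.append(
                    f"{key}: {len(value)} characters, limit is {MAX_LEN[key]}"
                )
        else:
            # Do not pass unknown attribute types silently.
            findings.append(f"{key}: no known limit, check manually")
    return findings


# Constructed sample subjects (not taken from the original post).
BAD_SUBJECT = [
    ("CN", "intranet.example.test"),
    ("C", "United Kingdom"),  # full name instead of the two-letter code
    ("L", "Leeds"),
    ("STREET", "1 Example Street"),
]
GOOD_SUBJECT = [(t, "GB" if t == "C" else v) for t, v in BAD_SUBJECT]

if __name__ == "__main__":
    for name, subject in (("bad", BAD_SUBJECT), ("good", GOOD_SUBJECT)):
        print(name, check_subject(subject) or "OK")
```
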
To the Client! After enrolling the new web server certificate, binding it to the website, and refreshing, lo and behold:
All good. Well, caveats as usual. Thus far it only works in IE or Edge. Firefox and Chrome are a bit more picky, and possibly use a different cert store. However, it’s grand as it is, and I will have a think about the other two browsers.