Extended Validation – Part Deux

Following on from my previous blog here, I had jumped through the Microsoft hoops to get my nice shiny gold padlock and green bar.

However all was not delivered as expected!

I found a fantastic post here, which explained it all. I had suspected it was down to how I was enrolling the certificate, but there is a bewildering array of options. It boils down to:

  • Common Name (CN)
  • Country
  • Organisation

I also added in Locality and Street Name. Erm because I can:

As ever, add the SAN DNS.


Now for the bits I had missed. Simple stuff, but only if you know (or document it).


However, here I made a mistake. Some of the values have strict limitations, but these limitations are not presented to you in a user-friendly fashion. You can enter whatever you like; however, when you try and enroll the certificate, it just bombs out with the standard hexadecimal error code.

In this instance, it chucked out 0x80094001. The full error text:

Your Request Id is 0. The disposition message is “Error Parsing Request The request subject name is invalid or too long. 0x80094001 (-2146877439)

Thankfully I am not alone in my abject noobness. This post here cleared it all up. The Country type will only support a 2 character value. I had entered the full name. Oops. I amended the value to the internationally recognised character string and everything was just peachy.
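A pre-flight check for the subject-name limits behind the 0x80094001 rejection above, as an added example that is not from the original post. The length limits are the RFC 5280 / X.520 upper bounds; that the CA enforces exactly these is an assumption, since the post only confirms the two-character Country rule. `parse_subject`, `check_subject` and the sample subjects are hypothetical.

```python
import re

# Upper bounds from RFC 5280 Appendix A (X.520). Assumption: the issuing CA
# enforces these same limits; the post itself only confirms the Country one.
MAX_LEN = {"CN": 64, "O": 64, "OU": 64, "L": 128, "ST": 128, "C": 2}
ALIASES = {"S": "ST"}  # Windows tooling writes State as "S"


def parse_subject(subject):
    """Split 'CN=a, O=b' into (type, value) pairs, honouring backslash-escaped commas."""
    pairs = []
    for part in re.split(r"(?<!\\),", subject):
        if not part.strip():
            continue
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"not an attribute=value pair: {part.strip()!r}")
        key = key.strip().upper()
        pairs.append((ALIASES.get(key, key), value.strip().replace("\\,", ",")))
    return pairs


def check_subject(subject):
    """Return a list of problems; an empty list means the subject fits the limits."""
    problems = []
    pairs = parse_subject(subject)
    for key, value in pairs:
        if not value:
            problems.append(f"{key}: empty value")
        elif key == "C":
            # countryName is exactly two letters (ISO 3166-1 alpha-2 code)
            if not re.fullmatch(r"[A-Za-z]{2}", value):
                problems.append(f"C: {value!r} is not a 2-letter country code")
        elif key in MAX_LEN and len(value) > MAX_LEN[key]:
            problems.append(f"{key}: {len(value)} chars, limit is {MAX_LEN[key]}")
    for required in ("CN", "O", "C"):  # the three fields the post lists
        if required not in {k for k, _ in pairs}:
            problems.append(f"{required}: missing")
    return problems


# Constructed sample subjects (not taken from the post)
BAD = "CN=intranet.example.test, O=Example Ltd, L=Leeds, C=United Kingdom"
GOOD = "CN=intranet.example.test, O=Example Ltd, L=Leeds, C=GB"

if __name__ == "__main__":
    for s in (BAD, GOOD):
        print(s, "->", check_subject(s) or "OK")
```

Running the check before submitting the request surfaces the offending field by name, which the CA's hex error does not.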

To the Client! After enrolling the new web server certificate, binding it to the website, and refreshing, lo and behold:

Oh yeah - that is doing it for me.


Yeah baby.


All good. Well, caveats as usual. Thus far it only works in IE or Edge. Firefox and Chrome are a bit more picky, and possibly use a different cert store. However, it’s grand as it is, and I will have a think about the other two browsers.

 
