Recently I encountered an issue whereby whenever my Windows 2008 R2 web server was restarted the pages HTTPS bindings wouldn't work. The work around was to change which IP address the HTTPS certificate was bound to, between All Unassigned and the actual IP address. HTTPS would then start working without restarting IIS. However this would only last until the next reboot.
After checking the certificates, I eventually found that the country code on the SSL certificate was incorrect. Our certificate had a country code of UK, which is not part of the ISO 3166 list of country codes. More information on the ISO 3166 country codes can be found here, including this online list.
Requesting a new certificate with the correct country code, resolved the issue. My server can be restarted without having to worry about HTTPS working!
So how did this happen? Well I can't be sure, but my guess is...
During the CSR creation, you specify several details relating to your company information. The last step of which is selecting your country code from a drop down list. However, you can overwrite the contents of this field with whatever you like and no validation is performed against the other options in the dropdown list. Thus without thinking you could enter UK instead of the required (and default admittedly) GB.
No comments:
Post a Comment