
0 Votes
KurtH-4653 asked LimitlessTechnology-0326 answered

Digital certificates not functioning as expected (Server 2019 Essentials with Windows 11 PC)

Hello.

Problem: certs not functioning as expected (I'm sure it's something I did wrong).

I have a Certificate Authority set up on a test Domain Controller (Server 2019 Essentials). From that DC CA, I have generated several device keys through the standard (manual) CSR process, exported, and installed. I have one set up on the internal interface of my lab firewall and one set up on a lab PC. When I hit the firewall via a web browser, I still get the "not secure" and https is lined out. I can click on the lock and it shows the correct CA certificate. And the PC certificate shows in the "trusted" cert store as well as the browser certs. Both certs are showing a trusted path to the same test DC CA. Simple...should work, right?

Pointing me to a simple and well-articulated digital certificate guide would be the best as I've found no good guides to date.

Thanks!! Kurt

windows-server-security

0 Votes
piaudonn answered piaudonn edited

I would do the following from the machine where you see the trust issue:

certutil -f -urlfetch -verify [certificate]

Where [certificate] is the full path of the .cer of the cert you are trying to check the trust of. If that throws an error, that is probably going to tell you what is missing.

Here is an article that tells a bit more: https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/basic-crl-checking-with-certutil/ba-p/1128367
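
A PowerShell counterpart to the certutil check suggested in the answer above, as an added example that is not part of the thread: it builds the chain for a .cer file with online revocation checking and lists each chain element with any status flags. The function name Test-CertificateChain and the sample path in the comment are assumptions.

```powershell
# Added example, not from the thread: chain and revocation check for one .cer file.
# Run it on the machine that shows the trust problem.
function Test-CertificateChain {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string] $Path   # full path of the exported .cer file
    )

    $file  = (Resolve-Path -LiteralPath $Path).ProviderPath
    $cert  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($file)
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()

    # Check revocation online for every certificate in the chain, so the
    # CRL/OCSP URLs are actually fetched from this machine.
    $chain.ChainPolicy.RevocationMode      = 'Online'
    $chain.ChainPolicy.RevocationFlag      = 'EntireChain'
    $chain.ChainPolicy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds(15)

    try {
        $trusted = $chain.Build($cert)

        # One row per chain element, leaf first, root last.
        $elements = foreach ($el in $chain.ChainElements) {
            [pscustomobject]@{
                Subject    = $el.Certificate.Subject
                Issuer     = $el.Certificate.Issuer
                NotAfter   = $el.Certificate.NotAfter
                Thumbprint = $el.Certificate.Thumbprint
                Problems   = ($el.ChainElementStatus |
                    ForEach-Object { "$($_.Status): $($_.StatusInformation.Trim())" }) -join '; '
            }
        }

        [pscustomobject]@{
            Trusted     = $trusted
            ChainStatus = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
            Elements    = $elements
        }
    }
    finally {
        $chain.Dispose()
    }
}

# Usage (hypothetical path):
#   $r = Test-CertificateChain -Path 'C:\temp\firewall.cer'
#   $r.Trusted; $r.ChainStatus; $r.Elements | Format-List
```

This reports chain trust and revocation status only; it does not compare the names in the certificate with the address typed into the browser.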


0 Votes
LimitlessTechnology-0326 answered

Hi there,

I would suggest you check first if the Certificates Are Deployed Correctly.

You can follow the below article to have a look at the steps to do this https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly

This article lists the trusted root certificates that are required by Windows operating systems.
Required trusted root certificates
https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/trusted-root-certificates-are-required

Install the Certification Authority
https://docs.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/server-certs/install-the-certification-authority



--If the reply is helpful, please Upvote and Accept it as an answer--
