Certificate error Mismatch address

Hello. I am using a Windows 2008 server and the AD Certification Authority to
issue a server certificate and a client one using the CertSrv application.
On IIS 7 I go to <mySrv>->Server Certificates->Create Certificate
Request->Fill that form (Common Name: https://<myaddress> and so on->Save the
request into a txt file.
I copy into Clipboard what that file contains and make a request using
Certsrv application like this: Request a Certificate -> Advanced Certificate
Request -> Submit a certificate request by using a base-64-encoded CMC or
PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7
file -> paste into Base-64-encoded certificate request (CMC or PKCS #10 or
PKCS #7): textbox.
I issue the certificate and save it to disk.
In IIS 7, <mySrv>->Server Certificates->Complete Certificate Request->set
the .cer file and a frendly name and it appears in the list.
At "Default Web Site", I edit the bindings on https: 443 port and set the
new SSL certificate(IP Adress: All Unassigned). and click OK then Close.
On an application, I do to the SSL settings and check Require SSL and then
Require Client Certificates.

On the client I run CertSrv application from the server and make a web
request for a certificate: Request a Certificate -> Advanced Certificate
Request -> fill the form -> set Type of Certificate Needed: to Client
Authentication Certificate and then submit.

I issue the certificate from CA and install the client certificatio on the
client machine.

I open IE(on the client machine) and run the web application on https a
dialog pops up and shows me the client certificate and I click on it then
click OK.
The application is displayed but I get a Certification Error - Mismatch
address.
I think I'm missing something...
Can someone help me please?

And other question... I make a request for a Code singing certificate and I
issue it from CA but I can't sign my code(using signtool in VS 2005 Command
Promt) because I don't have a pvk. I've marked the key as exportable but I
can't get the pvk.
Can someone help me with this problem too, please?

I forgot to tell you that on a Windows 2000 Server and IIS 5.x this worked
without that certification error

On Jul 29, 9:10 am, Eusebiu <Euse...@discussions.microsoft.com> wrote:
> Hello. I am using a Windows 2008 server and the AD Certification Authority to
> issue a server certificate and a client one using the CertSrv application.
> On IIS 7 I go to <mySrv>->Server Certificates->Create Certificate


Hi;
(I dont know if it's related?)..but

I am getting the same error message!?. We got our certs from an SSL
certif. website and paid for them but still get the name mismatch
stuff? I think the problem may be when you create the certificate .key
file you should put https:// in the CN (common name)?
Of course these files .CSR , .CRT and .KEY are encrypted so you cant
really check what name is embedded in them any ways so that is why I
am stuck.

BTW I am using linux server but I think the commands are pretty much
the same?:this is the one I was told to use


openssl req -new -nodes -keyout ourserver.key -out server.crt

then it will ask u to put country name (US) common name etc etc..one
thing I was told, is NOT to put in a password in there when asked!
Regards;

Thanks for you reply.
The solution was setting the common name without https://.

Eusebiu wrote on Wed, 30 Jul 2008 03:55:01 -0700:

> Thanks for you reply.
> The solution was setting the common name without https://.

CN must only ever be the server hostname, never include the protocol as
well.

--
Dan