I have installed LetsEncrypt certificates on several IIS Version 10 .NET nodes, where the solution DNNsoftware.com is running on. The result of the certificates is not consistent: Only one node (technically a IIS website) can be reached on different Windows 10 PCs as well as on a Android phone, without prior certificate security warnings.
But there are nodes, which websites can be displayed successfully on one Windows PC with Chrome, while the same website displays a dialog with “Microsoft-Organization-Access” to confirm with Chrome on a different Windows PC. Also the Android phone shows the warning dialog on 2 different browsers.
My goal is, to display any website on any customer device, without prior dialog box, just like letsencrypt.org is appearing on my screen.
The certificates have been created via PowerShell locally on the productive webserver with success, no errors. All traffic is redirected from http to https within IIS via URL Rewrite rule. Is there any detail, I might have forgotten, or which has to be verified in addition?
With pleasure I give you two website links. Both of them are based on DNNsoftware.com, and as discussed, there is no Linux, only IIS 10 on top of Windows Server 2019:
This website works fine, a DNN site without any initial configuration: Luzern.DNN365.com
And this website does not work for example in Chrome, on my Windows 10 PC, I am always initially prompted to confirm Microsoft-Organization-Access certificate. Similar warnings appear on 2 browsers on my Android phone: Tokio.DNN365.com
I thank you, rmbolger for your positive input. I just re-tested the sites on a brandnew installed virtual machine with Windows 10, where the sites work with Chrome. What is your explanation for the fact, that not all Windows 10 PCs show the same result, as well as Android browsers display a certificate warning, even after clearing all browser data?
The only site, where the warning does not appear on the smartphone is for Luzern.DNN365.com
Many thanks Juergen for your help.
According to my posts, luzern.dnn365.com is working, as the only site, on all browsers, on all devices.
Other websites does only work with the restrictions, I already have posted.
Many thanks for checking the site, I made the same check with several websites, discovering, that the checking service is your own solution, Juergen, great
I checked for example cctg.ch and under “Certificates” I get some few red points:
I don’t know, if a point like ‘missing a script file within a image gallery folder’ is critical for correct certificate.
Generally the site cctg.ch does not work on all browsers without cerfiticate warnings.
If it is a caching problem, why does other websites not show the issue in the same browser?
I thank you for your input.
We cannot influence customer side browsers and their possible cashing problems. Personally, I have never seen such cashing problems using SSL certificates, I ask myself how to be sure to have 100% correct website https-access on any customer device with no issue.
I send you my screenshot with the dialog you asked me for. This dialog apperas, as I want to access https://tokio.dnn365.com:
Many thanks for your input Juergen. The Tokio Website wihin my IIS Server is switched to “Accept” on SSL Settings. It is interesting, that I never had any issue on Firefox with default settings. The above screenshot was taken on Chrome.
If my server sends a request for this client side certificate, I may have to re-configure some IIS settings. Have you got an idea, which settings I might need to change?