Version Affected: All
Description:
After changing the binding cert in IIS, Browsers throw a HSTS error when accessing the site.
Browser error:
Your connection isn't private
Attackers might be trying to steal your information from localhost (for example, passwords, messages, or credit cards).
NET::ERR_CERT_COMMON_NAME_INVALID
localhost uses encryption to protect your information. When Microsoft Edge tried to connect to localhost this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be localhost, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Microsoft Edge stopped the connection before any data was exchanged.
You can't visit localhost right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.
Cause:
Lack of "Localhost" in the SAN of the certificate
Resolution:
1. Open your browser and go to this address
For Edge, go to edge://net-internals/#hsts
For Chrome, go to chrome://net-internals/#hsts
2. It'll open a page like this
3. In the last box, type localhost
4. click delete
Special Considerations (optional as needed):
An alternative solution exists here
SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.
Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.
Comments
Please sign in to leave a comment.