ISS is connecting via the wrong DNS Name

Follow

Problem:

The connection between IIS and database is protected by a certificate. The IIS addresses here the last DNS name which is deposited in the certificate as alternative applicant. This can lead to problems.

Procedure:

Webaccess login setup

It is possible to influence the login process if necessary.

This can be done as follows:

1. open Web.config file with an editor (Notepad, ...)

webconfig2.png

2. adjust values in Web.config

1. check with passed certificate thumbprint
DoCheckServerCertificateChain:
True if the certificate comes from a valid certificate chain. Should always be set to true for security reasons. But can also be set to false if the check should not take place.
ServerCheckCertificateThumbPrint:

The ServerCheckCertificateThumbPrint can be found under:
Certificates >> OwnCertificates >> Certificates >>.
As you can see in the screenshot below you have to copy the value from the "Fingerprint" field and paste it into a text editor. Then remove the blanks here.

P.S. You may have to delete an invisible character at the beginning of this value.


The value looks then as follows: f41a5ec71c31f12d0b20f0264cd4b9b3a52dd001

24-08-_2016_13-54-22.png

2. check with passed DNS name
DoCheckServerCertificateChain:

True if the certificate comes from a valid certificate chain. Should always be set to true for security reasons. But can also be set to false if the check should not take place.

ServerCertificateName:

The ServerCertificateName can be found under:

Certificates >> OwnCertificates >> Certificates >>.

The LAST DNS name must be selected because only this DNS name is supported in the current MVC version. 

 

24-08-_2016_13-49-19.png 

​​​3. restart IIS

If necessary restart the IIS in which the PWA is integrated to avoid possible conflicts.

Have more questions? Submit a request

Comments