Just an update:
If we regenerate a certificate on the same system, certificate with <% will still be generated.
Certificate with "<%" cannot be regocnized in IIS
Hello,
Currently we put a certificate into an IIS and try to download it by Invoke-WebRequest.
The download failed and turns out to be due to the certificate contains "<%".
Manually read by http also failed with 500:
Other certificate without this "<%" can be downloaded.
Any suggestion on this issue?
Thanks in advance.
Chu Ling Rui
4 answers
Sort by: Oldest
-
Chu, Ling Rui 1 Reputation point
2022-09-15T10:31:33.037+00:00 -
Chu, Ling Rui 1 Reputation point
2022-09-16T06:24:06.71+00:00 Hello,
This 3C 25 is static IP on the site, no way to change it.
Any good way to fix this issue?Thanks in advance.
ChuLingRui -
Limitless Technology 43,941 Reputation points
2022-09-16T09:00:50.907+00:00 Hello there,
The first thing that has to be checked is whether the website is accessible over http. You will need to have the website working on http first before continuing with this troubleshooter.
There could be many reasons. We will follow a step-by-step approach to solve this problem.
Troubleshooting SSL related issues (Server Certificate) https://learn.microsoft.com/en-us/iis/troubleshoot/security-issues/troubleshooting-ssl-related-issues-server-certificate
---------------------------------------------------------------------------------------------------------------------------------------
--If the reply is helpful, please Upvote and Accept it as an answer--
-
MotoX80 31,581 Reputation points
2022-09-16T12:43:45.097+00:00 The problem is that IIS's default handler mapping for .cer files is asp.dll. IIS is trying to "run" your cer file. You need to have .cer files treated as a StaticFile.
At the web site level, rename .cer to .cer-save or something like that.
Then in the mime type definitions, add an entry for .cer files for application/octet-stream.
Note: I don't know why the default IIS config is defined like that. Do this on a test server first to verify that it doesn't impact HTTPS sites.
PS C:\> Invoke-WebRequest localhost/test.cer StatusCode : 200 StatusDescription : OK Content : {60, 37, 32, 32...} RawContent : HTTP/1.1 200 OK Accept-Ranges: bytes Content-Length: 343 Content-Type: application/octet-stream Date: Fri, 16 Sep 2022 13:06:47 GMT ETag: "6d1e2cb1c2c9d81:0" Last-Modified: Fri, 16 Sep 2022 11:5... Headers : {[Accept-Ranges, bytes], [Content-Length, 343], [Content-Type, application/octet-stream], [Date, Fri, 16 Sep 2022 13:06:47 GMT]...} RawContentLength : 343