Windowsserverdocs: "If you use your own certificate, make sure to specify the name provided in the certificate"

Created on 8 Dec 2018  Â·  6Comments  Â·  Source: MicrosoftDocs/windowsserverdocs

There is no option to specify the name provided in the certificate, e.g. a custom domain name? This is necessary for us since our local domain suffix is .local. So it defaults to being accessible via localhost:<portNumber>, which then screws up registering in Azure as well, since the appUrl is localhost.

Are we missing something during the installation process? We would like the url to be admin.<ourDomainName>.com so that we can purchase a certificate with this SPN (or SAN).


Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

Pri2 windows-server-thresholprod

Most helpful comment

Any updates on this?

All 6 comments

Any updates on this?

Waiting as well. Cannot deploy this until clarification is provided as to how to work around this, or this is fixed.

I'm in the exact same situation @jaypatrick.

It looks to be related to this issue on the User Voice Forum https://windowsserver.uservoice.com/forums/295071-management-tools/suggestions/33990187--security-certificate-wildcard-certificate

I've played around with the preview bits, and now it defaults to the name specified in the cert...but that still doesn't work, because we're using a wildcard cert *.domainname.com, so now if I specify port 443, the default URL is simply domainname.com:443, which of course is our production website!

Being able to specify a host header would fix this problem, would make DNS entries very easy (just use a CNAME record)...this product is essentially worthless for anyone who wants to use split dns to map records to their public domain (and registration in Azure is still broken, it uses the computer NETBIOS name for the URL hostname).

We're about to move on and just give up on this half-baked product.

I've played around with the preview bits, and now it defaults to the name specified in the cert...but that still doesn't work, because we're using a wildcard cert *.domainname.com, so now if I specify port 443, the default URL is simply domainname.com:443, which of course is our production website!

Being able to specify a host header would fix this problem, would make DNS entries very easy (just use a CNAME record)...this product is essentially worthless for anyone who wants to use split dns to map records to their public domain (and registration in Azure is still broken, it uses the computer NETBIOS name for the URL hostname).

We're about to move on and just give up on this half-baked product.

I feel your pain, it's decent product with some huge design flaws.

I have a similar issue.
I wanted to use Azure AD Application Proxy, point admincenter.mydomain.com to it and off to the races, but it doesn't work very well.
Since it all relates to hostnames and certificates, I'll post my own UserVoice issue: https://windowsserver.uservoice.com/forums/295071-management-tools/suggestions/37137811--feature-request-url-bindings-for-application-pro
(go vote for it, because apparantly the WAC community is dry as a desert).

Was this page helpful?
0 / 5 - 0 ratings

Related issues

parabolic123 picture parabolic123  Â·  4Comments

janis-veinbergs picture janis-veinbergs  Â·  5Comments

Garthmj picture Garthmj  Â·  3Comments

skyflyer picture skyflyer  Â·  3Comments

carlosmayol picture carlosmayol  Â·  4Comments