the scenario is the following:
I created a selfsigned SAN certificate bundling different intranet-domains, hosted on different machines and OS. The certificate is working as expected when being used by apache-services on CentOS and nginx-services on Docker, but when I tried using the same certificate for a domain being hosted on a Microsoft IIS, I get a 502 Bad Gateway error.
From my understanding, even a faulty certificate should not trigger a 502 error, should it? And seeing as all other domains on different scenarios work just fine, I presume I did something wrong.
So this is my process for creating and exporting the certificate to IIS:
openssl req -x509 -newkey rsa:2048 -nodes -keyout cert.key -out cert-crt -days 365 -config san.cnf
san.cnf is a config describing the different domains I need etc. After creating certificate and private key, I export a .pfx version of the certificate with the following command:
openssl pkcs 12 -export -out cert.pfx -inkey cert.key -in cert.crt
I then import said .pfx file to IIS using the import function in the server certificate feature menu and configure the https:// binding of the domain to use this certificate. After restarting the webservice, I get 502 Bad gateway errors when trying to access the page.
Is there anything I am missing? Thx in advance for any hints, I suspect it's plain stupidity on my part once again :D
Which kind of web service did you create? For the WCF service, please enable HTTP activation in the Window features.
For the usage of the
SANcertificate, we need to configure a binding for every domain name accordingly in the web site binding module.Like the below figure.
Particularly, there is no need to tick the below option since this kind of certificate support Subject Alternative Name. These bindings use the same certificate.
At last, I suggest you bind another certificate to verify whether the certificate caused this issue.
Feel free to let me know if the problem persists.