

This process shows you how to generate a new certificate from your AD Certificate Store, which is compatible with recent security changes made in the Chrome browser.



These instructions involve granting your web server permissions to a Web Server Certificate template in your AD Store. We encourage you to review this process and have it approved before applying it to your production environment.


1. Log into your Active Directory Certificate Authority server as a Domain Administrator

2. Open certtmpl.msc

3. In the Properties of the Web Server template, give your Passwordstate web server Read, Write and Enroll permissions, and click OK.





4. Log into your Passwordstate web server as a Domain Administrator and open certlm.msc

5. Expand Personal -> Certificates

6. Right click Certificates -> All Tasks -> Request a New Certificate




7. Click Next




8. Click Next




9. Select the Web Server template, and click "More information is required to enroll for this certificate"

10. Change Full DN to Common Name and type your Passwordstate URL.  Click Add

11. Change the Directory Name to DNS and type your Passwordstate URL.  Click Add

12. Under the General tab, enter a Friendly name and click OK

13. Click Enroll

14. Open IIS, and set the new certificate to your HTTPS web binding

15. Now from your desktop, you should be able to browse to your Passwordstate website, and Chrome will now treat it as secure
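Before binding the certificate in IIS, it can be checked from PowerShell on the web server. The function below is an added example, not part of the original post or of Passwordstate. It reports whether the host name appears as a Subject Alternative Name entry (the DNS value added in the wizard), whether the signature is SHA-1 (see Related Error #1), and whether the chain is trusted on the server (see Related Error #2). The function name, thumbprint and host name are placeholders.

```powershell
# Added example: post-enrollment checks for the certificate requested above.
# The function name and the sample values at the bottom are hypothetical.
function Test-WebServerCertificate {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,
        [Parameter(Mandatory)] [string] $HostName
    )

    # certlm.msc "Personal -> Certificates" is the LocalMachine\My store.
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop

    # Subject Alternative Name extension (OID 2.5.29.17). Chrome matches the
    # host name against these entries, not against the Common Name.
    $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sanNames = @()
    if ($sanExt) {
        # Format($false) yields "label=value, label=value"; keep the values.
        $sanNames = $sanExt.Format($false) -split ',\s*' |
            ForEach-Object { ($_ -split '=', 2)[1] }
    }

    # SHA-1 signature OIDs: sha1WithRSAEncryption and ecdsa-with-SHA1.
    $sha1Oids = '1.2.840.113549.1.1.5', '1.2.840.10045.4.1'

    # Build the chain against the trust stores on this machine.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chainOk = $chain.Build($cert)

    [pscustomobject]@{
        Subject            = $cert.Subject
        SanNames           = $sanNames -join ', '
        HostInSan          = $sanNames -contains $HostName   # exact match only
        SignatureAlgorithm = $cert.SignatureAlgorithm.FriendlyName
        Sha1Signed         = $sha1Oids -contains $cert.SignatureAlgorithm.Value
        HasPrivateKey      = $cert.HasPrivateKey
        NotAfter           = $cert.NotAfter
        ChainTrusted       = $chainOk
        ChainStatus        = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

# Example call with placeholder values; use your own thumbprint and URL host.
Test-WebServerCertificate -Thumbprint '<THUMBPRINT>' -HostName 'passwordstate.example.local'
```

A certificate that is ready to bind shows HostInSan and ChainTrusted as True and Sha1Signed as False; the host name comparison is exact and does not expand wildcard entries.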






Related Error #1:

Certificates with a Signature Hash Algorithm of SHA-1 can also generate security warnings in later versions of Chrome.  You may see the error below if your certificate is signed using SHA-1.  There are different ways to upgrade your Certificate Store to SHA-256, but one of our customers kindly linked us to this article (Thanks Luis :) ), which helped him out:  https://technet.microsoft.com/en-us/library/dn771627.aspx





Related Error #2:

When requesting this certificate on your web server, the wizard installs it in the Intermediate Certificate Authorities store, which can cause the browser on the web server not to trust the certificate.  You may notice this behavior:




To fix this, either install the certificate using Internet Explorer into the Local Machine Trusted Root Certification Authorities store, or just copy and paste the certificate as shown in the two screenshots below.  You'll need to restart your browser for this to take effect:


Copy Certificate from This Location:



Into this Location:







