Error "This certificate cannot be verified up to a trusted certification authority"

In my VirtualBox I have the following network for testing, and all software on the virtual machines is a fresh installation.


On the virtual machine named www.home.local, where my web server resides, I created a certificate request, submitted this request to ws01.home.local, got a certificate issued and downloaded it, and then completed the certificate request. After that I added a binding to Default Web Site with the https protocol and the certificate.

Now,

this Default Web Site is accessible from www.home.local at https://www.home.local without any error

this Default Web Site is accessible from ws01.home.local at https://www.home.local without any error

However, I am getting an error from vm02 and the host computer.


What can be a solution to this issue? What should I do next?


Solution 1:

The CA (where the certificate was issued - home-WS01-CA) is not trusted by your client. You should export the CA root certificate without the key and then import it to your client. The export/import should also be done for the intermediate authority, if any. I don't think you have an intermediate authority; I'm just mentioning it for future production-ready systems.

You should also add the root CA cert to the web server, so that on all involved machines the whole chain of certificates is trusted.


Adding info: Have a look at this link: exporting/importing ssl certs, Win/IIS

You'll start from home-WS01-CA.
In the 7th step, you'll look for Trusted Root Certification Authorities. The Root CA cert should be there. As shown in the link, you'll export it to a file, but without the key (you won't have such an option for a root CA if I recall well; nevertheless, if you do, do not export the private key). Follow the procedure; probably only a .cer file will be available for export (due to no key) and no password.

Continue to the import. I suggest importing to the web server first, making a try, and then importing to the client if you still have the problem. Proceed as advised, but choose Trusted Root Certification Authorities for the import destination instead of the web hosting store mentioned in the link.


On the screenshot you attached, 3rd tab certification path, when everything is correct you should see something like this: cert path, root, intermediate, cert. Without the intermediate apparently.
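
The export/import steps described in the answer above can also be done from an elevated PowerShell prompt. This is an added example, not part of the original answer; the file path `C:\Temp\home-WS01-CA.cer` and the thumbprint placeholder are assumptions, and the thumbprint comparison is an added check that the file copied to the client is the same certificate that was exported on the CA.

```powershell
# ---- Part 1: run on the CA (ws01.home.local), elevated ----
# Locate the self-signed root certificate of home-WS01-CA (Subject equals Issuer).
$root = Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -like '*CN=home-WS01-CA*' -and $_.Subject -eq $_.Issuer } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $root) { throw 'home-WS01-CA root certificate not found in LocalMachine\Root' }

# Export-Certificate writes the public certificate only (DER .cer); no private key is exported.
$outFile = 'C:\Temp\home-WS01-CA.cer'          # assumed path
Export-Certificate -Cert $root -FilePath $outFile -Type CERT | Out-Null

# Note this value and carry it to the client separately from the file.
"Exported root CA thumbprint: $($root.Thumbprint)"

# ---- Part 2: run on the web server, vm02 and the host, elevated ----
$inFile   = 'C:\Temp\home-WS01-CA.cer'          # assumed path of the copied file
$expected = '<THUMBPRINT-FROM-PART-1>'          # placeholder: paste the value printed on the CA

# Load the file without installing it and check what it is before trusting it.
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($inFile)
if ($cert.Thumbprint -ne $expected) { throw "Thumbprint mismatch: got $($cert.Thumbprint)" }
if ($cert.Subject -ne $cert.Issuer) { throw 'Not a self-signed root; it does not belong in the Root store' }

# Import into Trusted Root Certification Authorities for the whole machine.
Import-Certificate -FilePath $inFile -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

# Confirm the certificate is now present in the store.
Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object Thumbprint -eq $expected |
    Format-List Subject, Thumbprint, NotAfter

# Confirm the chain now validates: this request throws if the site certificate is still untrusted.
try {
    $r = Invoke-WebRequest -Uri 'https://www.home.local' -UseBasicParsing
    "TLS chain validated, HTTP status $($r.StatusCode)"
} catch {
    "Request failed: $($_.Exception.Message)"
}
```

A certificate placed in `Cert:\LocalMachine\Root` is trusted for everything it signs, which is why the thumbprint is checked before the import rather than after.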