No announcement yet.

Missing SSL Certificate for FQDN ('CN = Win2K8MDCRoot.MDC.Com') in IIS Site Bindings

  • Filter
  • Time
  • Show
Clear All
new posts

  • Missing SSL Certificate for FQDN ('CN = Win2K8MDCRoot.MDC.Com') in IIS Site Bindings


    Request the learned forum members help me out in below questions/issues.

    When does the below certificated get installed.
    1. 'CN = Win2K8MDCRoot.MDC.Com',
    2. 'CN = WMSvc-Win2K8MDCRoot'
    Not sure but I guess should be part of one of the DNS, AD DS, IIS roles

    Issue 1: I do not see any of the certificates mentioned above, neither in the IIS Default Site, Edit Site Bindings window of 443/HTTPS type in the drop down nor in the 'Trusted Root Certificate Authorities'.

    I was recently working on a basic Claim App as per a step-by-step guide in PDF that I found on you tube (wwwDOTYouTubeDOTcom/watch?v=nvNYyzT7QB. In mid-way I made a stupid decision I think to rename my computer name (VM) and make it a new domain controller **. While doing it, I deleted all the self-signed certificates which were installed as part of Claims App and also the ones seen in the IIS and 'Trusted Root Certificate Authorities' ('CN = Win2K8MDCRoot.MDC.Com', 'CN = WMSvc-Win2K8MDCRoot', 'CN = Federation Server Win2K8MDCRoot'). Now after having initial problems to add AD FS role and eventually succeeding, I now face the Issue 1 stated above.

    VM Details:
    OS: 2K8 R2 Standard
    Domain: MDC.Com
    NetBIOS/Computer Name: Win2K8MDCRoot
    FQDN: Win2K8MDCRoot.MDC.Com
    Roles: 'Active Directory Domain Service', 'Active Directory Federation Service', 'DNS Server', 'Application Server', 'File Services' and 'Web Server (IIS)'.
    Network Related Configuration: 'Network Doscovery' Turned On with 'SDDP' and 'UPnP' services running. Also 'DNS client' and 'Function Discovery Resource Publication' are running. Firewall is Turned On
    No of Network Adapters : 2
    Network Adapter 1 connected to 'Internal' with IPv4 set to a static IP '' and DNS set to ''. IPv6 is disabled
    Network Adapter 2 connected to 'External'and IPv4 set to Automatic for IP and DNS addresses. IPv6 is disabled

    ** Renaming a Win 2008 DC could be handled as posted in

    I didn't knew it then so I removed all relevant roles (DNS, AD DS, AD FS, IIS) renamed Computer and added the roles again

    Note: (As I'm a new entrant, I'm not allowed to post direct URLs, so replace 'DOT' above with '.' for working url)

    Last edited by Shyam 3boo1; 5th July 2012, 12:14. Reason: Found some better ways to do things that I did in a dumb way

  • #2
    Re: Missing SSL Certificate for FQDN ('CN = Win2K8MDCRoot.MDC.Com') in IIS Site Bindi


    After few hours of dig up, I found solution to point 2 here


    I could get back the certificate 'WMSvc-Win2K8MDCRoot', after I added the 'Management Service' feature in the Web Server(IIS) role.

    No luck yet with the 1st certificate. I'm on it.


    • #3
      Re: Missing SSL Certificate for FQDN ('CN = Win2K8MDCRoot.MDC.Com') in IIS Site Bindi

      Well done, and thanks for posting back.
      Here is the live link from above:
      Tom Jones
      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
      PhD, MSc, FIAP, MIITT
      IT Trainer / Consultant
      Ossian Ltd

      ** Remember to give credit where credit is due and leave reputation points where appropriate **


      • #4
        Re: Missing SSL Certificate for FQDN ('CN = Win2K8MDCRoot.MDC.Com') in IIS Site Bindi

        Finally something I did brought back my FQDN certificate in place.

        Certificates(Local Computer)
        Personal - Certificates
        Trusted Root Certification Authorities - Certificates
        Drop down of 'IIS - Default Web Site - Edit Site Bindings for 443/HTTPS type'

        I created a certificate from "IIS - Server Certificates - Create A Self Signed Certificate", giving my FQDN as the name of the certificate.

        Not totally sure if this certificate is what I was looking for as part of my Claim App lab. But I could complete the lab till last but one step. (Last step of accessing the ClaimApp from Win7 client is giving accessibility problems though and not sure if it is linked to this issue in anyway)

        Wondering if the FQDN certificate will ever be in place by default or nstalled as part of any Role/Feature addition, wihtout having to create it manually in IIS. But I remember it being there for the first time I configured my VM and added required roles (AD DS, DNS, AD FS, IIS).