IIS NTLM authentication prompting for passwords on alternate DNS name

Tags: certificate, iis, ntlm

We have an existing server with HTTPS set up and a certificate signed by an internal custom CA cert.
It runs an app which uses Windows authentication.

e.g. https://internalserver

We browse to this from a Windows box using IE/Edge/Chrome/Firefox and they'd all just load the page and not prompt for credentials – using your logged-on Windows domain credentials. The web server and all the Windows clients are on the same domain. So far so good.

We've enabled a new DNS alias using an SSL cert purchased from a real CA, and using internal DNS – this is basically to get round having to install our internal custom CA all over the place (Linux, Mac, Android).

e.g. https://internalserver.local.company.io

I've configured this certificate in IIS and I can browse to it, but when I do, all browsers prompt me for a username/password. I enter my domain credentials and it works, but why is the prompt occurring? Is there something in IIS that makes NTLM authentication only work for some specific host name? And how might I change that?

I'm not sure that HTTPS or the certificate has anything to do with it, but it's mentioned in case it's relevant

Thanks

Best Answer

Sending creds to a web server is risky. Each browser has a policy setting or file that determines if the browser sends creds without prompt. Chrome and FF here. https://specopssoft.com/blog/configuring-chrome-and-firefox-for-windows-integrated-authentication/
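The browser-side policy the answer refers to, as an added worked example (not from the question or the answer above). On Windows, IE and Edge only send the logged-on user's credentials automatically to sites in the Local Intranet zone, and a dotted FQDN such as `internalserver.local.company.io` is not placed there by default, which is why the short name works and the alias prompts. Chrome falls back to the same Windows zone settings unless its own allow-list policy is set, and Firefox has its own trusted-URI policy. The script below assigns the alias to the intranet zone and sets the per-browser allow-lists, then checks the server's challenge. The host name, the Firefox install path and the choice of machine-wide (HKLM) policy keys are assumptions for illustration; it is meant to be run elevated in Windows PowerShell.

```powershell
# Added example, not the original poster's or answerer's code. Assumed host name:
$alias = 'internalserver.local.company.io'

# 1. IE / Edge (and Chrome when no AuthServerAllowlist policy is present) decide whether to
#    auto-logon from the Windows security zone. Put the alias in Local Intranet (zone 1) via the
#    "Site to Zone Assignment List" policy key; the zone number is stored as a string.
$zoneMap = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey'
New-Item -Path $zoneMap -Force | Out-Null
New-ItemProperty -Path $zoneMap -Name "https://$alias" -Value '1' -PropertyType String -Force | Out-Null

# 2. Chrome and Chromium Edge also honour an explicit allow-list of servers for integrated auth.
foreach ($key in 'HKLM:\SOFTWARE\Policies\Google\Chrome', 'HKLM:\SOFTWARE\Policies\Microsoft\Edge') {
    New-Item -Path $key -Force | Out-Null
    New-ItemProperty -Path $key -Name 'AuthServerAllowlist' -Value $alias -PropertyType String -Force | Out-Null
}

# 3. Firefox reads enterprise policies from <install dir>\distribution\policies.json.
#    The install directory below is an assumption; adjust for your deployment.
$ffDir = Join-Path $env:ProgramFiles 'Mozilla Firefox\distribution'
New-Item -ItemType Directory -Path $ffDir -Force | Out-Null
@{
    policies = @{
        Authentication = @{
            SPNEGO = @($alias)   # Negotiate (Kerberos, with NTLM fallback)
            NTLM   = @($alias)   # plain NTLM challenge
        }
    }
} | ConvertTo-Json -Depth 5 | Set-Content -Path (Join-Path $ffDir 'policies.json') -Encoding UTF8

# 4. Check from the client: an anonymous request should be challenged with Negotiate/NTLM,
#    and a request carrying the current Windows logon should succeed with no prompt.
#    (Header access as written targets Windows PowerShell 5.1's HttpWebResponse.)
try {
    Invoke-WebRequest -Uri "https://$alias/" -UseBasicParsing | Out-Null
    'No challenge: anonymous access is enabled on this site.'
} catch {
    'Challenge offered: ' + $_.Exception.Response.Headers['WWW-Authenticate']
}
(Invoke-WebRequest -Uri "https://$alias/" -UseBasicParsing -UseDefaultCredentials).StatusCode
```

After the policies apply (restart the browsers; `gpupdate` is not needed for direct registry writes), the alias should load without a prompt just like the short name. If the challenge header still shows only `NTLM` rather than `Negotiate`, that is a separate server-side matter of which providers IIS offers and is outside what the browser policy controls.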