I have installed a certificate with multiple Common Names on a Red Hat server in the jks format. The web page can be accessed with Firefox and the certificate gets imported. However, IE8 gives the error "Internet Explorer cannot display the webpage".
I added the cert with MMC and its properties shows "This certificate has an nonvalid digital signature.". Also the cert doesn't have the URL of the web page in it. The cert does have a valid signature in Firefox and the URL mismatch is ignored. How can I get IE8 to accept it. This cert is required for another Application (where it works fine) and cannot be changed except to change the format. I already have it in PKCS12, jks and pem formats.
Best Answer
Let me guess: you're running Windows XP or Window Server 2003, and the certificate uses SHA2?
KB Article: Windows Server 2003 and Windows XP clients cannot obtain certificates from a Windows Server 2008-based certification authority (CA) if the CA is configured to use SHA2 256 or higher encryption, with hotfix.
Windows XP/2003 doesn't understand SHA-256; that's why the digital signature is non-valid.