DKlimax
Got 3 certificate from page Server Certificates + giant menu:
Import.. Create Certificate .. and so on. I don't know what doing next ?

SerVal is having problems trying to get the certificates installed for Gerasim. Does anyone out there consider themselves an expert at this?

I am not much help - the certificates for NumberFields are handled by the IT department, so I have very little experience with them. I am also a Linux guy, and haven't used Windows in years. Any help would be appreciated.

SerVal is having problems trying to get the certificates installed for Gerasim. Does anyone out there consider themselves an expert at this?

I am not much help - the certificates for NumberFields are handled by the IT department, so I have very little experience with them. I am also a Linux guy, and haven't used Windows in years. Any help would be appreciated.

Forgot to mention, I think SerVal can get us a username and password, for anyone willing to login remotely to help. If interested in helping, send me and/or SerVal a pm.

====
I suspect that the problem starts with incorrectly written DNS.
And if DNS is incorrectly written, then the Certificate will be incorrect.
Therefore, it is better to start with DNS. - go to the server with a terminal and see what I got.
=====
Let's try this: I will gradually tell you what I did,
and you tell me if there is anything suspicious or incorrect.

So, now I have 2 computers
1.
IPv4 Address. . . . . . . . . . . : 192.168.16.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.16.1
2.
Connection-specific DNS Suffix . :
IPv4 Address. . . . . . . . . . . : 192.168.16.11
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.16.1
=====
Router Address: http://192.168.16.1/
Gateway : 79.164.208.1 <- from Provider. Is it needed for anything?
I don't have this Gateway registered anywhere, but 192.168.16.1 is registered
Guys, did I set the network correctly?

p.s.
Logging into the server via terminal only works in the internal network
(with gray IPs).

====
I suspect that the problem starts with incorrectly written DNS.
And if DNS is incorrectly written, then the Certificate will be incorrect.
Therefore, it is better to start with DNS. - go to the server with a terminal and see what I got.
=====
Let's try this: I will gradually tell you what I did,
and you tell me if there is anything suspicious or incorrect.

So, now I have 2 computers
1.
IPv4 Address. . . . . . . . . . . : 192.168.16.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.16.1
2.
Connection-specific DNS Suffix . :
IPv4 Address. . . . . . . . . . . : 192.168.16.11
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.16.1
=====
Router Address: http://192.168.16.1/
Gateway : 79.164.208.1 <- from Provider. Is it needed for anything?
I don't have this Gateway registered anywhere, but 192.168.16.1 is registered
Guys, did I set the network correctly?

p.s.
Logging into the server via terminal only works in the internal network
(with gray IPs).

I think your addresses look right for the most part. I always use the default setting on the router which has a gateway of 192.168.1.1 and devices on my internal network have IP addresses of the form 192.168.1.XXX. I did a quick check and your gateway is in the allowed range. I'm referring to my setup at home; NumberFields site is managed by the IT department and their addresses/mask/gateway are totally different.

Is the Gateway from your provider your external IP address? If so, that's what the domain name servers need to send Gerasim traffic to your server. Which begs the question, who hosts your DNS? Is it your provider or a third party? I think we need more information on your setup in order to help.

Gerasim sends his regards to everyone!
=====
Dear women!
Video recording in the women's room is carried out solely for your safety!
=====
Hm, touching concern for our safety... :).

I just remembered: the site is edited, compiled, launched under the debugger
and all this right in Visual Studio! Yes, I compiled it myself... but I forgot how to do it.
Maybe there is such an opportunity now?
And how did people live before? Without certificates?
It's strange somehow... Here artificial intelligence runs along the streets,
and we can't catch one certificate. :)
=====
Yesterday I edited the DNS server.

>nslookup gerasim.boinc.ru
Server: UnKnown
Address: 192.168.16.11

Name: gerasim.boinc.ru
Address: 79.164.218.120

As you can see,
DNS correctly determines its external IP-addr 79.164.218.120.

>ping gerasim.boinc.ru

Pinging gerasim.boinc.ru [79.164.218.120] with 32 bytes of data:
Reply from 79.164.218.120: bytes=32 time<1ms TTL=126
Reply from 79.164.218.120: bytes=32 time<1ms TTL=126
Reply from 79.164.218.120: bytes=32 time<1ms TTL=126
Reply from 79.164.218.120: bytes=32 time<1ms TTL=126

Ping statistics for 79.164.218.120:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
=====
- also correct.

So it looks like DNS is now working. Are we back to the certificate problem again?

So it looks like DNS is now working. Are we back to the certificate problem again?

Maybe Yes.
Today, I created 3 certificates. I used the program
win-acme.v2.1.12.943.x64.pluggable
All created certificates are visible in IIS-Admin, they claim and show that they are correct, and I have a public key from somewhere. Maybe there is, but I don’t know where and what to do with them :( .
That’s why I deleted 2 certificates. (It doesn’t take long to create).
The certificates were for the host, but they were needed for the host + for users. (But maybe this is not so).

So it looks like DNS is now working.

I'm not sure. There should be pointers and aliases for DNS somewhere.
Where? - I don't know, but without them it's unlikely to work properly.

Всем привет, и хорошего настроения !
====
use Gerasim
go
exec get_project_config_php
====
Output:
<project_config>
<name>Gerasim@home</name>
<master_url>https://gerasim.boinc.ru/</master_url>
<web_stopped>1</web_stopped>
<sched_stopped>0</sched_stopped>
<min_passwd_length>6</min_passwd_length>
....
====
:)

So it looks like DNS is now working. Are we back to the certificate problem again?

Maybe Yes.
Today, I created 3 certificates. I used the program
win-acme.v2.1.12.943.x64.pluggable
All created certificates are visible in IIS-Admin, they claim and show that they are correct, and I have a public key from somewhere. Maybe there is, but I don’t know where and what to do with them :( .
That’s why I deleted 2 certificates. (It doesn’t take long to create).
The certificates were for the host, but they were needed for the host + for users. (But maybe this is not so).

Go to bindings for website and under HTTPS you'll find dropdown "SSL certificate". That's where you set certificate.

Hello. I do not give up trying to connect with Terminal
Try this:

start mstsc /v:As11.boinc.ru:3389

For all request about Credencial type
SerVal (default)
As11/SerVal (alt)
pw: *****************

If you see grot on the screen - that's good. :)

So it looks like DNS is now working.

I'm not sure. There should be pointers and aliases for DNS somewhere.
Where? - I don't know, but without them it's unlikely to work properly.

Всем привет, и хорошего настроения !
====
use Gerasim
go
exec get_project_config_php
====
Output:

Gerasim@home
https://gerasim.boinc.ru/
1
0
6
....
====
:)

The fact that ping works and translates "gerasim.boinc.ru" into your IP address tells me that DNS is working.

But there are connection problems when trying to login remotely. I have seen this on linux when SSL/certs are not configured properly. I suspect that is your problem. I know very little about how windows handles this stuff.

@DKlimax
AS11 (As11\Serval)
-> Server Certificates:
[IIS]gerasim boinc.ru, any host ...
Issued To gerasim.boinc.ru
Issued By R12

->Site Bindings
host name gerasim.boinc.ru
All Unassigned Port 443
====
Certificate present. Certificate Purpose Web Hosting.

@DKlimax
Addition Info about Certificate for Gerasim.
Certificate Store: WebHosting
In my opinion, this is not quite the right place for the Certificate.

Just to make sure, is HTTPS port 443 opened in firewall? (Based on a test it looks like it is closed/unresponsive)

@DKlimax

Just to make sure, is HTTPS port 443 opened in firewall?

I don't know. Router Address: http://192.168.16.1/
Going to the firewall and Router.
* I'll report back when I get back.

Report: Для HTTPS port 443 на firewall уже есть правило: forward any
Это можно как-нибудь проверить? Можно разрешить всё и всем?

На роутере есть firewall вот там я всё и меняю. Ещё - (я видел), что на роутер можно заходить, смотреть и править ошибки снаружи
(это лучше всего, но я пока не знаю, как это сделать).
* отдохну маленько, может что-то умное в голову придёт ...

Report: Для HTTPS port 443 на firewall уже есть правило: forward any
Это можно как-нибудь проверить? Можно разрешить всё и всем?

На роутере есть firewall вот там я всё и меняю. Ещё - (я видел), что на роутер можно заходить, смотреть и править ошибки снаружи
(это лучше всего, но я пока не знаю, как это сделать).
* отдохну маленько, может что-то умное в голову придёт ...

There's usually 2 firewalls. The first is at the router and the second is on the server.

There's usually 2 firewalls. The first is on the router and the second is on the server.

1. I completely disabled the Windows firewall. (It doesn't take long to turn it on).
2. Why do all the certificates I create want to go to the "Trusted Root Cert Store" but they won't let them in? Most likely, because the "Trusted Root Cert Store" doesn't exist.
And it is created when someone comes for a certificate.
Therefore, I'll delete all the certificates now and do some "dancing with a tambourine" in the evening. :) I'll report what happens.

Hello everyone and have a good day. :)

Did you even have a full system backup of the servers(s) or anything?

And like Skills asked in a previous post:

"What happened to the live/production database? Do you still have it or did you wipe it when you pulled a backup?

What happened in the first place? What failed? What were the errors? What was the symptoms?"