When a wildcard certificate is used in IIS for HTTPS web access, connecting to the application server via the web portal will fail with the following error:
"VI.Base.ViException: An exception has occurred while executing the form method F0_ctl00_ControlRef8_ControlRef15_ControlRef15_ControlRef8b_Main_Main_GridBand1_gridLoader_ctl03_GridSearchBox.
---> System.AggregateException: One or more errors occurred.
---> System.AggregateException: One or more errors occurred.
---> System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation.
---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure."
This occurs even after re-entering the application server URL in the web portal's Web Designer Configuration Editor tool and/or reinstalling the web portal to connect to the application server.
The cause is the wildcard certificate in use.
A wildcard certificate is a single certificate with a wildcard character (*) in the domain name field. This allows the certificate to secure multiple subdomain names (hosts) belonging to the same base domain.
Please see the following from Digicert: What is a Wildcard Certificate?
However, this can lead the web application to treat the certificate as invalid because the domain name in the certificate does not match the web server name.
Configure the web application to trust the certificate even if the server names do not match.
The "AllowServerNameMisMatch" property of the application server connection needs to be set to True in the web portal's web configuration.
1. Run the Web Designer Configuration Editor tool of the affected Web portal (e.g. C:\inetpub\wwwroot\IdentityManager\bin\WebDesigner.ConfigFileEditor.exe).
2. Expand "Search service" and select "Select application server".
3. In the "Enter the web address of the application server here" pop-up window, enter the URL of the application server and select any additional certificates if necessary.
4. Click on "Options" | "Advanced options".
5. Set "AllowServerNameMismatch" to "True" and click "OK".
6. Select "File" | "Save" to save the changes and then close the editor.
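Before relaxing AllowServerNameMismatch it is worth confirming that the mismatch really comes from the wildcard, because the setting makes the portal accept a certificate whose name does not match the server for that connection. The following added script (not One Identity code; the certificate names and URLs are constructed) applies the usual RFC 6125 wildcard matching rules to a certificate's DNS names and an application server URL, and goes beyond the single case above by also reporting short host names and multi-level subdomains, which a single-label wildcard does not cover:

```python
"""Added example (not One Identity code): check whether the DNS names in a
wildcard certificate actually cover the application server URL, using the
RFC 6125 matching rules most TLS stacks apply.  The certificate names and URLs
below are constructed for illustration."""
from urllib.parse import urlparse


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """True if one certificate DNS name (plain or wildcard) covers hostname."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # The wildcard must be the whole left-most label and have at least two
    # labels after it; partial (app*.example.com) or repeated wildcards fail.
    if p_labels[0] != "*" or len(p_labels) < 3 or "*" in pattern[2:]:
        return False
    # '*' covers exactly one label: *.example.com matches app.example.com
    # but not example.com, app.sub.example.com or a short name like 'app'.
    return len(h_labels) == len(p_labels) and h_labels[1:] == p_labels[1:]


def check_app_server_url(url: str, cert_dns_names: list[str]) -> tuple[bool, str]:
    """Explain why the web portal's server name check would pass or fail."""
    host = urlparse(url).hostname or ""
    for name in cert_dns_names:
        if dns_name_matches(name, host):
            return True, f"'{host}' is covered by '{name}'"
    if "." not in host:
        return False, f"'{host}' is a short name; use the FQDN the wildcard was issued for"
    return False, f"'{host}' is not covered by any of {cert_dns_names}"


if __name__ == "__main__":
    # Constructed scenario: wildcard cert for *.example.com, portal configured
    # first with the short host name, then with the FQDN.
    names = ["*.example.com"]
    for url in ("https://appserver/AppServer/", "https://appserver.example.com/AppServer/"):
        ok, why = check_app_server_url(url, names)
        print("OK  " if ok else "FAIL", why)
```

If the script reports that the FQDN is covered, re-enter the application server URL with that FQDN instead of changing AllowServerNameMismatch; only a name the wildcard cannot cover needs the setting.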
© 2024 One Identity LLC. ALL RIGHTS RESERVED.