When you don’t want to enable SSL offloading, so that both the internet-facing web site and the one behind the reverse proxy are accessed over SSL, you will receive a domain name mismatch.
The solution is simple. Either:
- enable SSL Offloading
- enable Require Server Name Indication in the binding settings:

If you try to request a certificate from a non-domain-joined machine using the Certificates snap-in (CertMgr.msc), you need to install the following components on the server hosting your Certificate Authority:
(maybe you need just one of them but I’ve installed both)
and then enter its URI in the following format: