[Bug]: RemoteCertificateNameMismatch

HotCakeX / Harden-Windows-Security

Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Personal, Enterprise, Government and Military security levels | Read The Rationale https://github.com/HotCakeX/Harden-Windows-Security/blob/main/Rationale.md

https://hotcakex.github.io

MIT License

1.84k stars 143 forks source link

[Bug]: RemoteCertificateNameMismatch #190

Closed ch0pshop closed 10 months ago

ch0pshop commented 10 months ago

Tools category

WDACConfig Module

Does your system meet the requirements?

[X] Yes, my system meets the requirements 👍

Is your Windows installation genuine?

[X] Yes, I am using genuine Windows installation. 💯

Please explain the bug

when executing cmd from 'WDAC policy for Fully Managed device - Variant 1', "New-WDACConfig -MakePolicyFromAuditLogs -BasePolicyType 'Allow Microsoft Base' -NoDeletedFiles" returns error: Invoke-WebRequest: The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch Untitled

HotCakeX commented 10 months ago

Hi, Have you removed any built-in certificates from the system certificate stores? That error message basically means it can't find the proper certificate on your system to make a secure HTTPS connection to GitHub website to download the Microsoft recommended block rules.

HotCakeX commented 10 months ago

So I'm fairly certain the problem is that your certificate store is missing some of the CA certificates that come preinstalled with the OS.

You can find more info about the error in here: https://stackoverflow.com/questions/56257442/trusting-self-signed-certificate-in-invoke-webrequest-call

You can test it on an unmodified system or a clean VM. I'll close this due to inactivity but feel free to reopen it if there is more info or create new issue if there is something else. Thanks