FQDN resolution and certificates


Guest

Let's say my internal domain name for my 2003 network is example.com and my
registered company name on the internet is mycompany.com. Now let's say that I
host a website on a server that is a member of the example.com network and
this web server has a certificate installed on it to allow SSL. If the
internal server name that hosts the site is called server.example.com and the
URL that users on the internet go to to hit the site is https://mycompany.com,
knowing this, how can I get this to work? I ask because the common name of a
certificate has to match the FQDN that users use to access the site. Do I
need to create a zone for mycompany.com on my internal name server?

Very confused on this
 

Herb Martin

Skipster said:
Let's say my internal domain name for my 2003 network is example.com and my
registered company name on the internet is mycompany.com. Now let's say that I
host a website on a server that is a member of the example.com network and
this web server has a certificate installed on it to allow SSL. If the
internal server name that hosts the site is called server.example.com and the
URL that users on the internet go to to hit the site is https://mycompany.com,
knowing this, how can I get this to work? I ask because the common name of a
certificate has to match the FQDN that users use to access the site. Do I
need to create a zone for mycompany.com on my internal name server?

I think that the certificate ONLY has to match the
web site name to the certificate name.

The machine name can be different (in most cases);
were this not so, only one certificated web server
could run on each machine.

You MIGHT -- in some cases -- have to set the computer
DNS name to this but I doubt it.

BTW, this really isn't a DNS question but rather a Certificate
or IIS question.

Nothing wrong with asking here but you might want the advice
of (more) people who do that more often.
 

Ace Fekay [MVP]

In Skipster <[email protected]> made a post then I commented
below
:: Let's say my internal domain name for my 2003 network is example.com
:: and my registered company name on the internet is mycompany.com. Now
:: let's say that I host a website on a server that is a member of the
:: example.com network and this web server has a certificate installed
:: on it to allow SSL. If the internal server name that hosts the site
:: is called server.example.com and the URL that users on the internet
:: go to to hit the site is https://mycompany.com, knowing this, how can
:: I get this to work? I ask because the common name of a certificate
:: has to match the FQDN that users use to access the site. Do I need
:: to create a zone for mycompany.com on my internal name server?
::
:: Very confused on this


I am assuming you purchased a cert from a recognized authority, and did not
acquire it from your internal CA. I am also assuming the cert was purchased
with the intended name of the URL as www.example.com.

Since your domain names are different, but the webserver is internal, you
will need to create a zone called example.com, create a blank A host
record and a www A record, both pointing to the INTERNAL IP address of the
web server. This is also assuming all your internal machines are ONLY using
the internal DNS server and you have a forwarder configured.

In the website properties in IIS, ensure that these two host headers are
configured:
example.com
www.example.com

Keep in mind, if your intended URL on the cert is www.example.com, users may
get a message when connecting with http://example.com saying the names don't
match. Just hit Ok and they will be able to view it.

Cheers!

--
Regards,
Ace

G O E A G L E S !!!
Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
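
The name check this thread is about, as an added example that is not part of any poster's reply: a client compares the host name in the URL with the names in the certificate, and the machine's own name plays no part. The function names are hypothetical, the certificate names are constructed (www.mycompany.com is not from the thread), and the list passed in is assumed to hold the certificate's common name plus any alternative names.

```python
def _labels(name):
    # DNS names compare case-insensitively; a trailing root dot is ignored.
    return name.rstrip(".").lower().split(".")


def name_matches(cert_name, url_host):
    """True if one certificate name (optionally '*.' wildcard) covers url_host."""
    p, h = _labels(cert_name), _labels(url_host)
    if len(p) != len(h):
        return False  # a wildcard stands for exactly one label, never zero or two
    if p[0] == "*":
        # Wildcard is honoured only as the whole left-most label, and is
        # refused directly under a single top-level label such as *.com.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def cert_covers(cert_names, url_host):
    """True if any name in the certificate covers the host typed in the URL."""
    return any(name_matches(n, url_host) for n in cert_names)


def check_site(cert_names, url_hosts):
    """Map each URL host to whether the certificate would be accepted for it."""
    return {h: cert_covers(cert_names, h) for h in url_hosts}


if __name__ == "__main__":
    # Constructed scenarios based on the names used in the question.
    scenarios = {
        "cert for machine name": ["server.example.com"],
        "cert for public name": ["mycompany.com"],
        "cert for www only": ["www.mycompany.com"],
        "cert with both names": ["mycompany.com", "www.mycompany.com"],
        "wildcard cert": ["*.mycompany.com"],
    }
    for label, names in scenarios.items():
        print(label, check_site(names, ["mycompany.com", "www.mycompany.com"]))
```

A certificate issued to server.example.com fails for https://mycompany.com, while one issued to mycompany.com passes regardless of what the server itself is called; the www-only and wildcard cases show why the bare domain needs its own entry.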
 
