FQDN resolution and certificates

Archived from groups: microsoft.public.win2000.dns

Let's say my internal domain name for my 2003 network is example.com; my
registered company name on the internet is mycompany.com. Now let's say that I
host a website on a server that is a member of the example.com network and
this web server has a certificate installed on it to allow SSL. If the
internal server name that hosts the site is called server.example.com and the
URL that users on the internet go to to hit the site is https://mycompany.com,
knowing this, how can I get this to work? I ask because the common name of a
certificate has to match the FQDN that users use to access the site. Do I
need to create a zone for mycompany.com on my internal name server?

Very confused on this
  1.

    "Skipster" <Skipster@discussions.microsoft.com> wrote in message
    news:448D342E-FC5C-47D9-8AFC-FFD3BBA929AF@microsoft.com...
    > Let's say my internal domain name for my 2003 network is example.com; my
    > registered company name on the internet is mycompany.com. Now let's say
    > that I host a website on a server that is a member of the example.com
    > network and this web server has a certificate installed on it to allow
    > SSL. If the internal server name that hosts the site is called
    > server.example.com and the URL that users on the internet go to to hit
    > the site is https://mycompany.com, knowing this, how can I get this to
    > work? I ask because the common name of a certificate has to match the
    > FQDN that users use to access the site. Do I need to create a zone for
    > mycompany.com on my internal name server?

    I think that the certificate ONLY has to match the
    web site name to the certificate name.

    The machine name can be different (in most cases);
    were this not so, only one certificated web server
    could run on each machine.

    You MIGHT -- in some cases-- have to set the computer
    DNS name to this but I doubt it.

    BTW, this really isn't a DNS question but rather a Certificate
    or IIS question.

    Nothing wrong with asking here but you might want the advice
    of (more) people who do that more often.


    --
    Herb Martin


    >
    > Very confused on this
  2.

    In news:448D342E-FC5C-47D9-8AFC-FFD3BBA929AF@microsoft.com,
    Skipster <Skipster@discussions.microsoft.com> made a post then I commented
    below
    :: Let's say my internal domain name for my 2003 network is example.com;
    :: my registered company name on the internet is mycompany.com. Now
    :: let's say that I host a website on a server that is a member of the
    :: example.com network and this web server has a certificate installed
    :: on it to allow SSL. If the internal server name that hosts the site
    :: is called server.example.com and the URL that users on the internet
    :: go to to hit the site is https://mycompany.com, knowing this, how can
    :: I get this to work? I ask because the common name of a certificate
    :: has to match the FQDN that users use to access the site. Do I need
    :: to create a zone for mycompany.com on my internal name server?
    ::
    :: Very confused on this


    I am assuming you purchased a cert from a recognized authority, and did not
    acquire it from your internal CA. I am also assuming the cert was purchased
    with the intended name of the URL as www.example.com.

    Since your domain names are different, but the webserver is internal, you
    will need to create a zone called example.com, create a blank A host
    record and a www A record, both pointing to the INTERNAL IP address of the
    web server. This is also assuming all your internal machines are ONLY using
    the internal DNS server and you have a forwarder configured.

    In the website properties in IIS, ensure that these two host headers are
    configured:
    example.com
    www.example.com

    Keep in mind, if your intended URL on the cert is www.example.com, users may
    get a message when connecting with http://example.com saying the names don't
    match. Just hit Ok and they will be able to view it.

    Cheers!

    --
    Regards,
    Ace

    G O E A G L E S !!!
    Please direct all replies ONLY to the Microsoft public newsgroups
    so all can benefit.

    This posting is provided "AS-IS" with no warranties or guarantees
    and confers no rights.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    Microsoft Windows MVP - Windows Server - Directory Services

    Security Is Like An Onion, It Has Layers
    HAM AND EGGS: A day's work for a chicken;
    A lifetime commitment for a pig.
    --
    =================================
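
The name check both answers refer to, as an added example that is not part of either post: a simplified matcher that compares the host name a user types against the names in a certificate, ignoring the machine name entirely. The certificate dictionaries and function names are constructed for illustration, and the fallback to the common name when no SAN entries exist is an assumption matching the thread's description.

```python
# Added example: simplified TLS server-name matching (exact names plus a
# leftmost-label wildcard). All certificate contents below are constructed.

def _label_match(pattern: str, host: str) -> bool:
    """Compare one certificate name against the requested host name."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # A wildcard covers exactly one label, and only the leftmost one.
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def cert_names(cert: dict) -> list:
    """DNS names a client checks: SAN entries, else the subject CN (assumed)."""
    return list(cert.get("san_dns") or [cert["common_name"]])


def covers(cert: dict, requested_host: str) -> bool:
    """True if the name typed into the browser is covered by the cert."""
    return any(_label_match(n, requested_host) for n in cert_names(cert))


def audit(cert: dict, bindings: list) -> dict:
    """Map each host header / URL host to whether the cert covers it."""
    return {host: covers(cert, host) for host in bindings}


# Constructed certificates for the scenario in the thread.
CERT_WWW_ONLY = {"common_name": "www.example.com", "san_dns": []}
CERT_BOTH = {"common_name": "www.example.com",
             "san_dns": ["www.example.com", "example.com"]}
CERT_MACHINE = {"common_name": "server.example.com", "san_dns": []}

if __name__ == "__main__":
    hosts = ["example.com", "www.example.com", "mycompany.com"]
    for label, cert in [("www only", CERT_WWW_ONLY),
                        ("both names", CERT_BOTH),
                        ("machine name", CERT_MACHINE)]:
        print(label, audit(cert, hosts))
```

Running `audit` against every host header bound to the site before deployment shows which URLs will produce a name-mismatch prompt.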