kankerfist
asked on
Having trouble getting certificate popup to go away from server 2003
I have asked this question once before here but I did not make it clear how computer illiterate I am. I don't know any computer vocabulary, I am only capable of blindly clicking and typing exactly as told... Anyways, my boss fired the IT guy and left it to me to get the certificate popup to go away when people go to our windows server 2003 website. We type the "IP" address into internet explorer, and then some warning pops up telling us our certificate is not verified. My boss then bought a certificate from GoDaddy.com after seeing the commercial on the superbowl. Now we have the certificate, and absolutely no idea what to do with it or even what it is. Boss is mad at me and any help would be very nice. Please tell me if I need to give you more information to answer this question (and how to go about getting the info to give to you)
ASKER
Well we got a certificate and a new www name for the server from GoDaddy. We aren't sure how to put the 2003 server under this new WWW address instead of just using the servers IP address. I think boss and me are in over our heads on this one, is there a service or a company that we could hire to come do this for us maybe?
You can call Microsoft and open a support incident for around $250. I can guarantee they would be able to help out.... :-)
However, it probably doesn't need to come to that.
What is the fully qualified domain name the server should respond to?
What is the IP of the server?
What do you get if you ping the fully qualified domain name?
Is this server going to be available on the Internet or is it for intranet use only?
All in all, setting up SSL is fairly easy and we'll be happy to help out.... :-)
Dave Dietz
However, it probably doesn't need to come to that.
What is the fully qualified domain name the server should respond to?
What is the IP of the server?
What do you get if you ping the fully qualified domain name?
Is this server going to be available on the Internet or is it for intranet use only?
All in all, setting up SSL is fairly easy and we'll be happy to help out.... :-)
Dave Dietz
ASKER
Ok here is the info:
-The new domain we just bought is www.5tsi.com. Pinging that works cause we bought it from godaddy a few weeks ago.
-The server responds to 69.15.78.10. It always has responded to that, but we now want to change that to www.5tsi.com.
-The server needs to be available on the internet and the intranet.
Also, the Godaddy tech support guys got me to the certificate authority part of their site. This is what it says:
To apply for a Medium Assurance Web Server Certificate, you must generate and submit a Certificate Signing Request (CSR) to the Certification Authority.
Common Name ("CN") field: When generating your CSR, the name in the Common Name field must be the fully-qualified domain name for the Web site you wil [sic] be using the certificate for (e.g., www.domainame-goes-here.com). Do not include "http://" or "https://".
When you have generated your CSR, cut and paste the content into the box below.
Click here for CSR-generation instructions for all supported server software.
-I am not sure what they are talking about. Do they want me to go on my 2003 server and somehow generate a "CSR" ? And does the CSR need to be the current IP address, or the www.5tsi.com? Tell me any info that I have left out and I will get back with it. Thanks a lot
-The new domain we just bought is www.5tsi.com. Pinging that works cause we bought it from godaddy a few weeks ago.
-The server responds to 69.15.78.10. It always has responded to that, but we now want to change that to www.5tsi.com.
-The server needs to be available on the internet and the intranet.
Also, the Godaddy tech support guys got me to the certificate authority part of their site. This is what it says:
To apply for a Medium Assurance Web Server Certificate, you must generate and submit a Certificate Signing Request (CSR) to the Certification Authority.
Common Name ("CN") field: When generating your CSR, the name in the Common Name field must be the fully-qualified domain name for the Web site you wil [sic] be using the certificate for (e.g., www.domainame-goes-here.com). Do not include "http://" or "https://".
When you have generated your CSR, cut and paste the content into the box below.
Click here for CSR-generation instructions for all supported server software.
-I am not sure what they are talking about. Do they want me to go on my 2003 server and somehow generate a "CSR" ? And does the CSR need to be the current IP address, or the www.5tsi.com? Tell me any info that I have left out and I will get back with it. Thanks a lot
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
1) It checks to make sure the date is within the certificates validity period - generally this is a year so you should be OK
2) It checks to see if it trusts the certificate's issuer - it should since you purchased the certificate from a fairly well known vendor
3) It checks to see if the host name (www.wherever.com) is the same as the common name of the certificate
Number 3 is likely where you are failing since it is not valid to use an IP address as a common name for a certificate. If you click the View Certificate button when the warning comes up the common name ofthe certificate is what shows next to 'Issued to' - this is what you should be typing in your browser to reach the site instead of the IP address. If you cannot reach your site using this name instead of the IP address then you either need a new certificate or you need to fix your DNS entries for the site.
Dave Dietz