Solved

SSL Installation Problems

Posted on 2008-06-20
8
352 Views
Last Modified: 2010-04-21
Hello,

I am having some issues with the installation of an SSL certificate.  I purchased one from GoDaddy, but am using one from RapidSSL as a test.  

In one of my previous posts I asked if there would be any issues with keeping my internal domain as a .com when we also have a ISP hosted website with the same name.  I believe that is where the problem is coming from.

This is the guide I have been using to set up the SSL cert. (http://www.petri.co.il/configure_ssl_on_your_website_with_iis.htm).  Are there any particular steps I need to do differently?  Maybe like Step 11, where it asks for the common name.  What do I need to put in there?  My domain name?  Server name?

Main reason I'm installing this certificate is to enable the use of RPC over HTTP(S).

If I have left any info that you may need, please let me know.

Thank you.
0
Comment
Question by:Lucho305
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 21835114

Hi there,

> In one of my previous posts I asked if there would be any issues with keeping my
> internal domain as a .com when we also have a ISP hosted website with the same name.

There's no problem with that. At least nothing that will impact SSL.

The Common Name is the name used to access the site. That is, if you have a web-site on www.yourdomain.com and wanted to use SSL then you would use a common name of www.yourdomain.com.

Chris
0
 

Author Comment

by:Lucho305
ID: 21835143
The SSL cert is not going to be used for the website itself (which is hosted by an ISP that has MX records pointing back to office server, for Exchange purposes) but for RPC over HTTPS and OWA (which currently is located at http://mail.mydomain.com/exchange).  If that makes any sense.
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 21835171

It does make sense and that's fine :)

The common name used in the certificate needs to match the name you use to access the service (whatever that happens to be).

So if your target is https://mail.mydomain.com for RPC over HTTPS then the common name should be mail.mydomain.com. That allows it to negotiate encryption without bringing up warnings about the validity of the certificate.

There are different kinds of certificate that allow greater freedom in the name used; Wildcard and Subject Alternate Name (SAN) certificates for example. The latter is really useful for Exchange 2007 because of the large number of different services within Exchange that use SSL.

And just to touch of the local domain naming slightly. Because certificates are bound to a name, it doesn't matter which IP you use to access a service. So if mail.yourdomain.com resolves to an internal IP inside your network, but an external IP outside it will remain valid for both.

Chris
0
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

 

Author Comment

by:Lucho305
ID: 21835186
That's probably the reason it didn't work.  I was using mydomain.com as the common name.  I am leaving the office right now, but will try when I get home.  I will let you know the results.  Thanks for the quick responses.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 21835194

Cool okay :)

Just yell if you still have problems, I'll be off to bed in a short while so don't worry if there's no immediate reply.

Have a good journey.

Chris
0
 

Author Comment

by:Lucho305
ID: 21845875
Ok, I'm back.  I couldn't write back over the weekend because my internet at home was down.

I followed your advice and now it is working 100%.  Thank you for all your help! :)
0
 

Author Closing Comment

by:Lucho305
ID: 31469329
Thank you for taking the time to help me :)
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 21845980

You're welcome, glad it's working :)

Chris
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question