Solved

SSL Installation Problems

Posted on 2008-06-20
8
341 Views
Last Modified: 2010-04-21
Hello,

I am having some issues with the installation of an SSL certificate.  I purchased one from GoDaddy, but am using one from RapidSSL as a test.  

In one of my previous posts I asked if there would be any issues with keeping my internal domain as a .com when we also have a ISP hosted website with the same name.  I believe that is where the problem is coming from.

This is the guide I have been using to set up the SSL cert. (http://www.petri.co.il/configure_ssl_on_your_website_with_iis.htm).  Are there any particular steps I need to do differently?  Maybe like Step 11, where it asks for the common name.  What do I need to put in there?  My domain name?  Server name?

Main reason I'm installing this certificate is to enable the use of RPC over HTTP(S).

If I have left any info that you may need, please let me know.

Thank you.
0
Comment
Question by:Lucho305
  • 4
  • 4
8 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 21835114

Hi there,

> In one of my previous posts I asked if there would be any issues with keeping my
> internal domain as a .com when we also have a ISP hosted website with the same name.

There's no problem with that. At least nothing that will impact SSL.

The Common Name is the name used to access the site. That is, if you have a web-site on www.yourdomain.com and wanted to use SSL then you would use a common name of www.yourdomain.com.

Chris
0
 

Author Comment

by:Lucho305
ID: 21835143
The SSL cert is not going to be used for the website itself (which is hosted by an ISP that has MX records pointing back to office server, for Exchange purposes) but for RPC over HTTPS and OWA (which currently is located at http://mail.mydomain.com/exchange).  If that makes any sense.
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 21835171

It does make sense and that's fine :)

The common name used in the certificate needs to match the name you use to access the service (whatever that happens to be).

So if your target is https://mail.mydomain.com for RPC over HTTPS then the common name should be mail.mydomain.com. That allows it to negotiate encryption without bringing up warnings about the validity of the certificate.

There are different kinds of certificate that allow greater freedom in the name used; Wildcard and Subject Alternate Name (SAN) certificates for example. The latter is really useful for Exchange 2007 because of the large number of different services within Exchange that use SSL.

And just to touch of the local domain naming slightly. Because certificates are bound to a name, it doesn't matter which IP you use to access a service. So if mail.yourdomain.com resolves to an internal IP inside your network, but an external IP outside it will remain valid for both.

Chris
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:Lucho305
ID: 21835186
That's probably the reason it didn't work.  I was using mydomain.com as the common name.  I am leaving the office right now, but will try when I get home.  I will let you know the results.  Thanks for the quick responses.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 21835194

Cool okay :)

Just yell if you still have problems, I'll be off to bed in a short while so don't worry if there's no immediate reply.

Have a good journey.

Chris
0
 

Author Comment

by:Lucho305
ID: 21845875
Ok, I'm back.  I couldn't write back over the weekend because my internet at home was down.

I followed your advice and now it is working 100%.  Thank you for all your help! :)
0
 

Author Closing Comment

by:Lucho305
ID: 31469329
Thank you for taking the time to help me :)
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 21845980

You're welcome, glad it's working :)

Chris
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question