Solved

SSL Installation Problems

Posted on 2008-06-20
8
330 Views
Last Modified: 2010-04-21
Hello,

I am having some issues with the installation of an SSL certificate.  I purchased one from GoDaddy, but am using one from RapidSSL as a test.  

In one of my previous posts I asked if there would be any issues with keeping my internal domain as a .com when we also have a ISP hosted website with the same name.  I believe that is where the problem is coming from.

This is the guide I have been using to set up the SSL cert. (http://www.petri.co.il/configure_ssl_on_your_website_with_iis.htm).  Are there any particular steps I need to do differently?  Maybe like Step 11, where it asks for the common name.  What do I need to put in there?  My domain name?  Server name?

Main reason I'm installing this certificate is to enable the use of RPC over HTTP(S).

If I have left any info that you may need, please let me know.

Thank you.
0
Comment
Question by:Lucho305
  • 4
  • 4
8 Comments
 
LVL 70

Expert Comment

by:Chris Dent
ID: 21835114

Hi there,

> In one of my previous posts I asked if there would be any issues with keeping my
> internal domain as a .com when we also have a ISP hosted website with the same name.

There's no problem with that. At least nothing that will impact SSL.

The Common Name is the name used to access the site. That is, if you have a web-site on www.yourdomain.com and wanted to use SSL then you would use a common name of www.yourdomain.com.

Chris
0
 

Author Comment

by:Lucho305
ID: 21835143
The SSL cert is not going to be used for the website itself (which is hosted by an ISP that has MX records pointing back to office server, for Exchange purposes) but for RPC over HTTPS and OWA (which currently is located at http://mail.mydomain.com/exchange).  If that makes any sense.
0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 21835171

It does make sense and that's fine :)

The common name used in the certificate needs to match the name you use to access the service (whatever that happens to be).

So if your target is https://mail.mydomain.com for RPC over HTTPS then the common name should be mail.mydomain.com. That allows it to negotiate encryption without bringing up warnings about the validity of the certificate.

There are different kinds of certificate that allow greater freedom in the name used; Wildcard and Subject Alternate Name (SAN) certificates for example. The latter is really useful for Exchange 2007 because of the large number of different services within Exchange that use SSL.

And just to touch of the local domain naming slightly. Because certificates are bound to a name, it doesn't matter which IP you use to access a service. So if mail.yourdomain.com resolves to an internal IP inside your network, but an external IP outside it will remain valid for both.

Chris
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:Lucho305
ID: 21835186
That's probably the reason it didn't work.  I was using mydomain.com as the common name.  I am leaving the office right now, but will try when I get home.  I will let you know the results.  Thanks for the quick responses.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 21835194

Cool okay :)

Just yell if you still have problems, I'll be off to bed in a short while so don't worry if there's no immediate reply.

Have a good journey.

Chris
0
 

Author Comment

by:Lucho305
ID: 21845875
Ok, I'm back.  I couldn't write back over the weekend because my internet at home was down.

I followed your advice and now it is working 100%.  Thank you for all your help! :)
0
 

Author Closing Comment

by:Lucho305
ID: 31469329
Thank you for taking the time to help me :)
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 21845980

You're welcome, glad it's working :)

Chris
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

778 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question