Solved

SSL Installation Problems

Posted on 2008-06-20
8
347 Views
Last Modified: 2010-04-21
Hello,

I am having some issues with the installation of an SSL certificate.  I purchased one from GoDaddy, but am using one from RapidSSL as a test.  

In one of my previous posts I asked if there would be any issues with keeping my internal domain as a .com when we also have a ISP hosted website with the same name.  I believe that is where the problem is coming from.

This is the guide I have been using to set up the SSL cert. (http://www.petri.co.il/configure_ssl_on_your_website_with_iis.htm).  Are there any particular steps I need to do differently?  Maybe like Step 11, where it asks for the common name.  What do I need to put in there?  My domain name?  Server name?

Main reason I'm installing this certificate is to enable the use of RPC over HTTP(S).

If I have left any info that you may need, please let me know.

Thank you.
0
Comment
Question by:Lucho305
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 21835114

Hi there,

> In one of my previous posts I asked if there would be any issues with keeping my
> internal domain as a .com when we also have a ISP hosted website with the same name.

There's no problem with that. At least nothing that will impact SSL.

The Common Name is the name used to access the site. That is, if you have a web-site on www.yourdomain.com and wanted to use SSL then you would use a common name of www.yourdomain.com.

Chris
0
 

Author Comment

by:Lucho305
ID: 21835143
The SSL cert is not going to be used for the website itself (which is hosted by an ISP that has MX records pointing back to office server, for Exchange purposes) but for RPC over HTTPS and OWA (which currently is located at http://mail.mydomain.com/exchange).  If that makes any sense.
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 21835171

It does make sense and that's fine :)

The common name used in the certificate needs to match the name you use to access the service (whatever that happens to be).

So if your target is https://mail.mydomain.com for RPC over HTTPS then the common name should be mail.mydomain.com. That allows it to negotiate encryption without bringing up warnings about the validity of the certificate.

There are different kinds of certificate that allow greater freedom in the name used; Wildcard and Subject Alternate Name (SAN) certificates for example. The latter is really useful for Exchange 2007 because of the large number of different services within Exchange that use SSL.

And just to touch of the local domain naming slightly. Because certificates are bound to a name, it doesn't matter which IP you use to access a service. So if mail.yourdomain.com resolves to an internal IP inside your network, but an external IP outside it will remain valid for both.

Chris
0
Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.

 

Author Comment

by:Lucho305
ID: 21835186
That's probably the reason it didn't work.  I was using mydomain.com as the common name.  I am leaving the office right now, but will try when I get home.  I will let you know the results.  Thanks for the quick responses.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 21835194

Cool okay :)

Just yell if you still have problems, I'll be off to bed in a short while so don't worry if there's no immediate reply.

Have a good journey.

Chris
0
 

Author Comment

by:Lucho305
ID: 21845875
Ok, I'm back.  I couldn't write back over the weekend because my internet at home was down.

I followed your advice and now it is working 100%.  Thank you for all your help! :)
0
 

Author Closing Comment

by:Lucho305
ID: 31469329
Thank you for taking the time to help me :)
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 21845980

You're welcome, glad it's working :)

Chris
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article runs through the process of deploying a single EXE application selectively to a group of user.
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question