Solved

Remote Web Workspace Certificates: Mulitple?

Posted on 2008-10-08
16
500 Views
Last Modified: 2013-11-21
I have a company that utilizes a domain name for access to Remote Web Workspace and they utilize a SSL certificate from a Trusted 3rd Party source. When someone accesses RWW on the LAN, they don't use this external domain name, but instead utilize an internal domain name via an internal DNS server. Since RWW is already utilizing the certificate of the internet accessible domain name, is there any way to have a second cert so that the domain-name mismatch error doesn't occur?
0
Comment
Question by:Tercestisi
  • 7
  • 6
  • 2
  • +1
16 Comments
 
LVL 7

Expert Comment

by:swaller
ID: 22675058
Can't you just have them access it with the outside url that matches the cert?
0
 

Author Comment

by:Tercestisi
ID: 22675259
I don't think so... the outside url points into the LAN where the request is originating from.
0
 
LVL 6

Expert Comment

by:Hardeep_Saluja
ID: 22675377
create it using ciecw n configure it
0
 
LVL 7

Assisted Solution

by:swaller
swaller earned 200 total points
ID: 22675592
Okay. let me rephrase.

You need to have them access it with the outside url.

If that is not working currently, then you need to create an Alias (C Name) or Host record on your DNS to make that work.
0
 

Author Comment

by:Tercestisi
ID: 22678095
Let me rephrase.

To my knowledge you cannot access a server that is on your LAN by using its WAN IP address when the request is originating from within the LAN itself.

I could be wrong...
0
 
LVL 31

Accepted Solution

by:
Paranormastic earned 300 total points
ID: 22690118
You could set up a routing path to do that. That being said, it is not always advisable to do that since technically this would make it so external addresses could route to your internal LAN, which is generally considered an unnecessary security risk.

A better option - you could get a UCC (multi-domain) certificate which supports multiple entries so you could put in the internal and external names, ip addresses, hostname, aliases, whatever.  Most major commercial CA's offer these.  If you just got your cert recently you could probably get a credit back from that towards the new cert.
0
 

Author Comment

by:Tercestisi
ID: 22690174
Looking over their network... they are just accessing the OWA and RWW by typing in the server name http://servername/

Would a server certificate that included servername.domain.local be covered by a 3rd party-signed cert? I don't know how that works.
0
 
LVL 31

Expert Comment

by:Paranormastic
ID: 22690357
Yes, you can issue a commercial CA cert to whatever you like - IP address, hostname, DNS name, etc.  Usually if they are just using it for internal use, you could check to see if they happen to have their own CA installed (Certification Authorities MMC and try to connect to another machine and browse - if there is it would show up, even if you don't have rights to connect to it).  If they do, these are free.  But if they need both an internal and external facing cert then commercial CA is the way to go with a UCC cert for the least amount of issues.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:Tercestisi
ID: 22691500
Does a UCC cert allow for wildcards?  For example I need the cert to cover *.domain.com and servername.domain.local
0
 
LVL 7

Expert Comment

by:swaller
ID: 22700141
I think you are making this way too complicated. You already have a Trusted CA cert, why don't you just access the /remote and /exchange with the fqdn that is on the cert???
0
 

Author Comment

by:Tercestisi
ID: 22713897
Swaller... because, as to my knowledge, you can't.  How would you go about accessing an Internet-accessible URL that points to a fqdn that resides on a LAN that you are currently on?
0
 
LVL 7

Expert Comment

by:swaller
ID: 22717467
You type it in??? Have you not tried that? That is how every network I manage works. If yours does not resolve to the correct place then add a local DNS record to make it so.
0
 

Author Comment

by:Tercestisi
ID: 22720853
Swaller... that I could do; but you didn't say hat earlier. I was just saying that, sans DNS config, you could not type in an Internet accessible domain and expect it to load in your browser if that domain points to a box located on a LAN you're currently residing on.
0
 
LVL 7

Expert Comment

by:swaller
ID: 22723443
You can if the DNS forwarding is set up correctly and you are not using a Cisco router.
0
 

Author Comment

by:Tercestisi
ID: 22723534
We're using a Cisco router...
0
 
LVL 7

Expert Comment

by:swaller
ID: 22723574
aha
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

I’m often asked about newer and larger USB drives connected to SBS2008 and 2011 failing Windows Server Backup vs the older USB drives not failing. As disk space continues to grow and drive technology change SBS2008 and some SBS2011 end up with the f…
Imagine a situation that you have installed SSL (http://en.wikipedia.org/wiki/Secure_Sockets_Layer) Certificate on your Cisco ASA (Cisco Adaptive Security Appliance) firewall. Installation of SSL certificate on ASA is an another topic for which you …
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now