Solved

Remote Web Workspace Certificates: Multiple?

Posted on 2008-10-08
Last Modified: 2013-11-21
I have a company that utilizes a domain name for access to Remote Web Workspace and they utilize an SSL certificate from a Trusted 3rd Party source. When someone accesses RWW on the LAN, they don't use this external domain name, but instead utilize an internal domain name via an internal DNS server. Since RWW is already utilizing the certificate of the internet accessible domain name, is there any way to have a second cert so that the domain-name mismatch error doesn't occur?
Question by:Tercestisi
16 Comments
 
LVL 7

Expert Comment

by:swaller
ID: 22675058
Can't you just have them access it with the outside url that matches the cert?
0
 

Author Comment

by:Tercestisi
ID: 22675259
I don't think so... the outside url points into the LAN where the request is originating from.
0
 
LVL 6

Expert Comment

by:Hardeep_Saluja
ID: 22675377
Create it using CEICW and configure it.
0
 
LVL 7

Assisted Solution

by:swaller
swaller earned 200 total points
ID: 22675592
Okay, let me rephrase.

You need to have them access it with the outside URL.

If that is not working currently, then you need to create an Alias (CNAME) or Host record on your DNS to make that work.
0
 

Author Comment

by:Tercestisi
ID: 22678095
Let me rephrase.

To my knowledge you cannot access a server that is on your LAN by using its WAN IP address when the request is originating from within the LAN itself.

I could be wrong...
0
 
LVL 31

Accepted Solution

by:Paranormastic
Paranormastic earned 300 total points
ID: 22690118
You could set up a routing path to do that. That being said, it is not always advisable to do that since technically this would make it so external addresses could route to your internal LAN, which is generally considered an unnecessary security risk.

A better option - you could get a UCC (multi-domain) certificate which supports multiple entries so you could put in the internal and external names, IP addresses, hostname, aliases, whatever. Most major commercial CAs offer these. If you just got your cert recently you could probably get a credit back from that towards the new cert.
0
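The name-mismatch behaviour discussed in this thread, as an added example (not code from any poster): a simplified RFC 6125-style check of which typed hostnames a certificate's subject alternative names cover. It goes slightly beyond the answer above by also modelling a wildcard entry; `remote.domain.com` and the three SAN lists are constructed for illustration.

```python
# Added example. Hostnames and SAN lists are constructed, not taken from a real cert.

def dns_name_matches(san: str, host: str) -> bool:
    """Simplified RFC 6125 match: '*' may only be the whole left-most label."""
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(san_labels) != len(host_labels):
        # A wildcard never spans more than one label, and never zero labels.
        return False
    if san_labels[0] == "*":
        # Require at least two fixed labels after the wildcard (no '*.com').
        return len(san_labels) >= 3 and san_labels[1:] == host_labels[1:]
    return san_labels == host_labels


def cert_covers(san_list, host: str) -> bool:
    """True if any SAN entry matches the name the user typed."""
    return any(dns_name_matches(san, host) for san in san_list)


def audit(san_list, typed_hosts):
    """Map each typed hostname to whether the browser would accept the cert."""
    return {host: cert_covers(san_list, host) for host in typed_hosts}


# What users type: short name on the LAN, internal FQDN, public name (assumed).
TYPED = ["servername", "servername.domain.local", "remote.domain.com"]

SINGLE_NAME = ["remote.domain.com"]                       # public name only
MULTI_NAME = ["remote.domain.com", "servername.domain.local", "servername"]
WILDCARD_PLUS = ["*.domain.com", "servername.domain.local"]

if __name__ == "__main__":
    for label, sans in [("single-name", SINGLE_NAME),
                        ("multi-name", MULTI_NAME),
                        ("wildcard + internal FQDN", WILDCARD_PLUS)]:
        print(label)
        for host, ok in audit(sans, TYPED).items():
            print(f"  {host:28} {'ok' if ok else 'NAME MISMATCH'}")
```

Publicly trusted CAs no longer issue certificates for internal-only names such as `servername` or `.local` hosts, so on a current deployment those entries would come from an internal CA, or clients would reach the server by its public name through an internal DNS record.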
 

Author Comment

by:Tercestisi
ID: 22690174
Looking over their network... they are just accessing the OWA and RWW by typing in the server name http://servername/ 

Would a server certificate that included servername.domain.local be covered by a 3rd party-signed cert? I don't know how that works.
0
 
LVL 31

Expert Comment

by:Paranormastic
ID: 22690357
Yes, you can issue a commercial CA cert to whatever you like - IP address, hostname, DNS name, etc.  Usually if they are just using it for internal use, you could check to see if they happen to have their own CA installed (Certification Authorities MMC and try to connect to another machine and browse - if there is it would show up, even if you don't have rights to connect to it).  If they do, these are free.  But if they need both an internal and external facing cert then commercial CA is the way to go with a UCC cert for the least amount of issues.
0
 

Author Comment

by:Tercestisi
ID: 22691500
Does a UCC cert allow for wildcards?  For example I need the cert to cover *.domain.com and servername.domain.local
0
 
LVL 7

Expert Comment

by:swaller
ID: 22700141
I think you are making this way too complicated. You already have a Trusted CA cert, why don't you just access the /remote and /exchange with the fqdn that is on the cert???
0
 

Author Comment

by:Tercestisi
ID: 22713897
Swaller... because, to my knowledge, you can't. How would you go about accessing an Internet-accessible URL that points to a FQDN that resides on a LAN that you are currently on?
0
 
LVL 7

Expert Comment

by:swaller
ID: 22717467
You type it in??? Have you not tried that? That is how every network I manage works. If yours does not resolve to the correct place then add a local DNS record to make it so.
0
 

Author Comment

by:Tercestisi
ID: 22720853
Swaller... that I could do; but you didn't say that earlier. I was just saying that, sans DNS config, you could not type in an Internet accessible domain and expect it to load in your browser if that domain points to a box located on a LAN you're currently residing on.
0
 
LVL 7

Expert Comment

by:swaller
ID: 22723443
You can if the DNS forwarding is set up correctly and you are not using a Cisco router.
0
 

Author Comment

by:Tercestisi
ID: 22723534
We're using a Cisco router...
0
 
LVL 7

Expert Comment

by:swaller
ID: 22723574
aha
0
