Solved

Remote Web Workspace Certificates: Mulitple?

Posted on 2008-10-08
16
511 Views
Last Modified: 2013-11-21
I have a company that utilizes a domain name for access to Remote Web Workspace and they utilize a SSL certificate from a Trusted 3rd Party source. When someone accesses RWW on the LAN, they don't use this external domain name, but instead utilize an internal domain name via an internal DNS server. Since RWW is already utilizing the certificate of the internet accessible domain name, is there any way to have a second cert so that the domain-name mismatch error doesn't occur?
0
Comment
Question by:Tercestisi
  • 7
  • 6
  • 2
  • +1
16 Comments
 
LVL 7

Expert Comment

by:swaller
ID: 22675058
Can't you just have them access it with the outside url that matches the cert?
0
 

Author Comment

by:Tercestisi
ID: 22675259
I don't think so... the outside url points into the LAN where the request is originating from.
0
 
LVL 6

Expert Comment

by:Hardeep_Saluja
ID: 22675377
create it using ciecw n configure it
0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 
LVL 7

Assisted Solution

by:swaller
swaller earned 200 total points
ID: 22675592
Okay. let me rephrase.

You need to have them access it with the outside url.

If that is not working currently, then you need to create an Alias (C Name) or Host record on your DNS to make that work.
0
 

Author Comment

by:Tercestisi
ID: 22678095
Let me rephrase.

To my knowledge you cannot access a server that is on your LAN by using its WAN IP address when the request is originating from within the LAN itself.

I could be wrong...
0
 
LVL 31

Accepted Solution

by:
Paranormastic earned 300 total points
ID: 22690118
You could set up a routing path to do that. That being said, it is not always advisable to do that since technically this would make it so external addresses could route to your internal LAN, which is generally considered an unnecessary security risk.

A better option - you could get a UCC (multi-domain) certificate which supports multiple entries so you could put in the internal and external names, ip addresses, hostname, aliases, whatever.  Most major commercial CA's offer these.  If you just got your cert recently you could probably get a credit back from that towards the new cert.
0
 

Author Comment

by:Tercestisi
ID: 22690174
Looking over their network... they are just accessing the OWA and RWW by typing in the server name http://servername/ 

Would a server certificate that included servername.domain.local be covered by a 3rd party-signed cert? I don't know how that works.
0
 
LVL 31

Expert Comment

by:Paranormastic
ID: 22690357
Yes, you can issue a commercial CA cert to whatever you like - IP address, hostname, DNS name, etc.  Usually if they are just using it for internal use, you could check to see if they happen to have their own CA installed (Certification Authorities MMC and try to connect to another machine and browse - if there is it would show up, even if you don't have rights to connect to it).  If they do, these are free.  But if they need both an internal and external facing cert then commercial CA is the way to go with a UCC cert for the least amount of issues.
0
 

Author Comment

by:Tercestisi
ID: 22691500
Does a UCC cert allow for wildcards?  For example I need the cert to cover *.domain.com and servername.domain.local
0
 
LVL 7

Expert Comment

by:swaller
ID: 22700141
I think you are making this way too complicated. You already have a Trusted CA cert, why don't you just access the /remote and /exchange with the fqdn that is on the cert???
0
 

Author Comment

by:Tercestisi
ID: 22713897
Swaller... because, as to my knowledge, you can't.  How would you go about accessing an Internet-accessible URL that points to a fqdn that resides on a LAN that you are currently on?
0
 
LVL 7

Expert Comment

by:swaller
ID: 22717467
You type it in??? Have you not tried that? That is how every network I manage works. If yours does not resolve to the correct place then add a local DNS record to make it so.
0
 

Author Comment

by:Tercestisi
ID: 22720853
Swaller... that I could do; but you didn't say hat earlier. I was just saying that, sans DNS config, you could not type in an Internet accessible domain and expect it to load in your browser if that domain points to a box located on a LAN you're currently residing on.
0
 
LVL 7

Expert Comment

by:swaller
ID: 22723443
You can if the DNS forwarding is set up correctly and you are not using a Cisco router.
0
 

Author Comment

by:Tercestisi
ID: 22723534
We're using a Cisco router...
0
 
LVL 7

Expert Comment

by:swaller
ID: 22723574
aha
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Some time ago I faced the need to use a uniform folder structure that spanned across numerous sites of an enterprise to be used as a common repository for the Software packages of the Configuration Manager 2007 infrastructure. Because the procedu…
Because virtualization becomes more and more common, and, with Microsoft Hyper-V included in Windows Server at no additional costs, and, most server hardware nowadays is more than capable of running a physical Small Business Server (SBS) 2008 or 201…
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question