Tercestisi
asked on
Remote Web Workspace Certificates: Mulitple?
I have a company that utilizes a domain name for access to Remote Web Workspace and they utilize a SSL certificate from a Trusted 3rd Party source. When someone accesses RWW on the LAN, they don't use this external domain name, but instead utilize an internal domain name via an internal DNS server. Since RWW is already utilizing the certificate of the internet accessible domain name, is there any way to have a second cert so that the domain-name mismatch error doesn't occur?
Can't you just have them access it with the outside url that matches the cert?
ASKER
I don't think so... the outside url points into the LAN where the request is originating from.
create it using ciecw n configure it
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Let me rephrase.
To my knowledge you cannot access a server that is on your LAN by using its WAN IP address when the request is originating from within the LAN itself.
I could be wrong...
To my knowledge you cannot access a server that is on your LAN by using its WAN IP address when the request is originating from within the LAN itself.
I could be wrong...
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Looking over their network... they are just accessing the OWA and RWW by typing in the server name http://servername/
Would a server certificate that included servername.domain.local be covered by a 3rd party-signed cert? I don't know how that works.
Would a server certificate that included servername.domain.local be covered by a 3rd party-signed cert? I don't know how that works.
Yes, you can issue a commercial CA cert to whatever you like - IP address, hostname, DNS name, etc. Usually if they are just using it for internal use, you could check to see if they happen to have their own CA installed (Certification Authorities MMC and try to connect to another machine and browse - if there is it would show up, even if you don't have rights to connect to it). If they do, these are free. But if they need both an internal and external facing cert then commercial CA is the way to go with a UCC cert for the least amount of issues.
ASKER
Does a UCC cert allow for wildcards? For example I need the cert to cover *.domain.com and servername.domain.local
I think you are making this way too complicated. You already have a Trusted CA cert, why don't you just access the /remote and /exchange with the fqdn that is on the cert???
ASKER
Swaller... because, as to my knowledge, you can't. How would you go about accessing an Internet-accessible URL that points to a fqdn that resides on a LAN that you are currently on?
You type it in??? Have you not tried that? That is how every network I manage works. If yours does not resolve to the correct place then add a local DNS record to make it so.
ASKER
Swaller... that I could do; but you didn't say hat earlier. I was just saying that, sans DNS config, you could not type in an Internet accessible domain and expect it to load in your browser if that domain points to a box located on a LAN you're currently residing on.
You can if the DNS forwarding is set up correctly and you are not using a Cisco router.
ASKER
We're using a Cisco router...
aha