How to install an SSL certificate for an internal site???

We have a 2003 web server and we just installed an SSL certificate onto the server for the external site. Now we get certificate errors internally when a user goes to the internal site through https.

External site is https:\\xxx.domainname.edu - SSL works fine.

Internal site is https:\\servername.domainname.local - SSL errors because the cert was for the external site.

The internal and external sites are different as far as what the user types into the address bar.

How do I put a certificate on the internal site https:\\servername.domainname.local????
amoos Asked:

leegclystvale Commented:
0
mikainz Commented:
Do you have permission to add entries to your DNS database?
If so, you can make a CNAME entry for your servername.domainname.local which represents your server as xxx.domainname.edu to your internal users, so that you can call the website from internal with the same DNS name as from outside.
0
amoos (Author) Commented:
I added it to the trusted sites in my browser and I still get a certificate error.

My external site for my users to go to from home is https:\\xxx.domainname.edu\directory - this works perfectly fine, but

my internal site for my users to go to when they are at the office is https:\\servername.domainname.local\directory - this is when I get the certificate error. The certificate that I bought from GoDaddy was for the external site, not the internal site. Is there a way that I can assign a certificate to https:\\servername.domainname.local???
0

amoos (Author) Commented:
Yes, I can add DNS records to the database. How would I do the CNAME that you are suggesting??
0
DarinTCH (Senior CyberSecurity Engineer) Commented:
The cert you bought was specific to
xxx.yyy.edu
and this is all it will resolve for... the notes on GoDaddy are very specific about this.
There are some workarounds:
1 - since you are inside your office/environment... some choose to remove the requirement of SSL
2 - you could generate your own certificate - internal usage only
3 - redirection - as mentioned above - is an option
0
amoos (Author) Commented:
How do I do numbers 1 and 2 that you mentioned?? Great help.
0
amoos (Author) Commented:
I am sorry, I meant how do I do numbers 2 and 3 that you mentioned. Sorry.
0
mikainz Commented:
Try the DNS redirection.
See http://support.microsoft.com/kb/323445/en-us for details.
0

mikainz Commented:
You have to create a new forward lookup zone for domainname.edu.
Afterwards you can create a CNAME record in this zone where the alias is xxx and the FQDN is servername.domainname.local.
hth
0
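Added example, not part of any post in this thread: a small Python model of the name check a browser performs, showing why the purchased certificate fails for the .local name, why the internal CNAME suggested above works, and why a self-signed certificate has to be issued for the .local name. The IP address, the toy zone and the function names are constructed for illustration; the host names are the thread's own placeholders.

```python
# Added illustration; all records and names below are constructed.

def name_matches(pattern: str, host: str) -> bool:
    """Match one certificate name against the host the user typed.
    '*' is honoured only as the entire left-most label (RFC 6125 style)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # refuse overly broad wildcards such as *.edu
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_valid_for(cert_names, typed_host):
    """True if any name in the certificate covers the typed host."""
    return any(name_matches(n, typed_host) for n in cert_names)

def resolve(zone, name, max_hops=8):
    """Follow CNAMEs in a toy zone {name: (rtype, value)} to an A record."""
    name = name.lower().rstrip(".")
    for _ in range(max_hops):
        rec = zone.get(name)
        if rec is None:
            return None
        rtype, value = rec
        if rtype == "A":
            return value
        name = value.lower().rstrip(".")
    return None  # CNAME loop or chain too long

# Constructed: internal DNS after adding a domainname.edu zone with alias xxx.
INTERNAL_DNS = {
    "servername.domainname.local": ("A", "10.0.0.10"),
    "xxx.domainname.edu": ("CNAME", "servername.domainname.local"),
}
PURCHASED_CERT = ["xxx.domainname.edu"]             # the bought certificate
SELF_SIGNED_CERT = ["servername.domainname.local"]  # CN used with selfssl

def check(typed_host, cert_names, zone=INTERNAL_DNS):
    """Return (address reached, does the certificate name match).
    The browser compares the certificate with the TYPED name, not with
    whatever the CNAME points at. Trust in the issuer is a separate check."""
    return resolve(zone, typed_host), cert_valid_for(cert_names, typed_host)

if __name__ == "__main__":
    for host, cert in [("xxx.domainname.edu", PURCHASED_CERT),
                       ("servername.domainname.local", PURCHASED_CERT),
                       ("servername.domainname.local", SELF_SIGNED_CERT)]:
        print(host, cert, check(host, cert))
```

The alias only helps if internal users type xxx.domainname.edu; typing the .local name still fails against the purchased certificate. An internal domainname.edu zone also makes the internal DNS server answer for every name in that zone, so any other external host names users need must be added to it as well.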
DarinTCH (Senior CyberSecurity Engineer) Commented:
#2 - some others recently posted these good answers:
Use the utility "selfssl", which is in the "IIS 6.0 Resource Kit Tools"; with it you can create your certificate on your IIS server.

The concrete steps are:

1. Run "Metabase Explorer\MBExplorer.exe" to get your application ID (IIS application); you must search the ID list and find your domain name inside.

2. Run "SelfSSL\selfssl.exe" like

selfssl /T /N:CN=YOUR_DOMAIN /V:365 /S:YOUR_ID_APP

365 is the number of days available.
And... that's all.

On the client it is easier.
Open IE and go to your application URL "https://www....". IE will alert you, but you can view the certificate, then click on install certificate.


0
amoos (Author) Commented:
OK, maybe I am doing this wrong. When I follow the instructions, I right-click on the forward lookup zone for the .local and then click new CNAME; when the new window comes up I can only enter information for .local addresses.

What am I missing??
How do I redirect servername.domainname.local to xxx.domainname.edu??
0
DarinTCH (Senior CyberSecurity Engineer) Commented:
Also, if you are mainly an MS shop, here is another option:

Generate the certificates using Windows Certificate Services.
This website has a pretty easy explanation of how to generate test certificates using the IIS resource kit - http://www.somacon.com/p42.php

On Windows clients you have to manually add your certificate to the "Trusted Root Certificate Providers" in IE, then it will happily accept it. In IE it's via the "Tools" menu - "Internet Options" - "Content" tab - Certificates button. You can then import your certificate file into the relevant store. In IE6 you used to be able to just browse to the site and select "more information" when presented with the certificate warning, then import it from there, but IE7 is a bit more picky - related to whether it is in the Trusted zone.
0
mikainz Commented:
Create a new forward lookup zone for domainname.edu.
0
amoos (Author) Commented:
Now, doing what was talked about in making my own self-signed SSL certificate, will it mess up the certificate that I already have on the server for the external site??? Can I have both of these certs running at the same time on the same server?? Awesome links.
0
DarinTCH (Senior CyberSecurity Engineer) Commented:
Yes, you can have multiple certs.
Ideally you will only need one on the local client.
0
amoos (Author) Commented:
How can I put one on the local site as well? I have one for the external site; the external site is xxx.mydomain.edu and the internal site is servername.mydomain.local.
0
Question has a verified solution.
