amoos
asked on
How to install a ssl certificate for an internal site???
we have a 2003 web server and we just installed a ssl certificate onto the server for the external site. now we get certificate errors internally when a user goes to the internal site through https
external site is https:\\xxx.domainname.edu ssl works fine
internal site is https:\\servername.domainname.local ssl errors because the cert was for the external site
the internal and external sites are different as far as what the user types into the address bar.
how do i put a certificate on the internal site https:\\servername.domainname.local????
Have you tried https:\\exchangeservername\exchange?
do you have permission to add entries to your DNS database?
If so, you can make a CNAME entry for your servername.domainname.local which represents your server as xxx.domainname.edu to your internal users, so that you can call the website from internal with the same DNS name as from outside.
ASKER
i added it to the trusted sites in my browser and i still get a certificate error.
my external site for my users to go to from home is https:\\xxx.domainname.edu\directory this works perfectly fine but,
my internal site for my users to go to when they are at the office is https:\\servername.domainname.local\directory - this is when i get the certificate error. the certificate that i bought from godaddy was for the external site not the internal site. is there a way that i can assign a certificate to https:\\servername.domainname.local???
ASKER
yes i can add DNS records to the database. how would i do the CNAME that you are suggesting??
The cert you bought was specific to
xxx.yyy.edu
and this is all it will resolve for....the notes on GoDaddy are very specific about this
there are some workarounds
1- since you are inside your office/environment...some choose to remove requirement of ssl
2-you could generate your own certificate - internal usage only
3-redirection - as mentioned above-is an option
ASKER
how do i do numbers 1 and 2 that you mentioned?? great help
ASKER
i am sorry i meant how do i do numbers 2 and 3 that you mentioned. sorry
you have to create a new forward lookup zone for domainname.edu
afterwards you can create a CNAME record in this zone where the alias is xxx and the FQDN is servername.domainname.local
hth
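Added example (not part of the original thread): a small Python model of why the split-DNS CNAME suggestion works, using constructed records and a placeholder address 10.0.0.5. The browser checks the certificate against the name the user typed, so the new zone only helps when internal users type xxx.domainname.edu.

```python
# Constructed model of the thread's setup; names and the address are placeholders.
CERT_NAMES = ["xxx.domainname.edu"]  # the only name the purchased cert covers

# Internal DNS after adding a forward lookup zone for domainname.edu (split DNS).
INTERNAL_DNS = {
    "servername.domainname.local": ("A", "10.0.0.5"),
    "xxx.domainname.edu": ("CNAME", "servername.domainname.local"),
}

def resolve(name, zone, max_hops=8):
    """Follow CNAME records until an A record is found; return the address or None."""
    name = name.lower().rstrip(".")
    for _ in range(max_hops):
        record = zone.get(name)
        if record is None:
            return None
        rtype, value = record
        if rtype == "A":
            return value
        name = value.lower().rstrip(".")
    return None  # CNAME loop or chain too long

def name_matches(typed, pattern):
    """Case-insensitive match; '*' is allowed only as the whole left-most label."""
    t = typed.lower().rstrip(".").split(".")
    p = pattern.lower().rstrip(".").split(".")
    if len(t) != len(p):
        return False
    if p[0] == "*":
        return len(p) > 2 and t[1:] == p[1:]
    return t == p

def browser_check(typed, zone, cert_names):
    """Return (address, cert_ok). The certificate is compared with the typed
    name, never with the CNAME target or the address DNS returned."""
    address = resolve(typed, zone)
    cert_ok = any(name_matches(typed, n) for n in cert_names)
    return address, cert_ok

if __name__ == "__main__":
    for host in ("servername.domainname.local", "xxx.domainname.edu"):
        print(host, browser_check(host, INTERNAL_DNS, CERT_NAMES))
```

Both names reach the same server, but only the request typed as xxx.domainname.edu passes the name check.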
#2 - some others recently posted these good answers
use utility "selfssl" this is on "IIS 6.0 Resource Kit Tools", you can create your certificate on your IIS server.
The concrete steps are:
1. exec "Metabase Explorer\MBExplorer.exe" to get your ID application (IIS application), you must search the ID list and find your domain name inside.
2. run "SelfSSL\selfssl.exe" like
selfssl /T /N:CN=YOUR_DOMAIN /V:365 /S:YOUR_ID_APP
365 is the number of days available.
and... that's all.
On the client it is easier.
Open IE and go to your application URL "https://www....". IE will show you an alert, but you can read the certificate; then click on install certificate.
ASKER
ok maybe i am doing this wrong. when i follow the instructions, i right click on the forward lookup zone for the .local and then click new CNAME, when the new window comes up i can only enter in information for .local addresses.
what am i missing??
how do i redirect servername.domainname.local to xxx.domainname.edu??
also if you are mainly a MS shop here is another option
generate the certificates using Windows Certificate Services,
this website has a pretty easy explanation of how to generate test certificates using the IIS resource kit - http://www.somacon.com/p42.php
On Windows clients you have to manually add your certificate to the "Trusted Root Certificate Providers" in IE, then it will happily accept it. In IE it's via the "tools" menu - "internet options" - "content" tab - certificates button. You can then import your certificate file into the relevant store. In IE6 you used to be able to just browse to the site and select "more information" when presented with the certificate warning, then import it from there but IE7 is a bit more picky - related to if it is in the Trusted zone.
create a new forward lookup zone for domainname.edu
ASKER
now doing what was talked about in the making my own self signed ssl certificate, will it mess up the certificate that i already have on the server for the external site??? can i have both of these certs running at the same time on the same server?? awesome links
yes you can have multiple certs
ideally you will only need one on the local client
ASKER
how can i put one on the local site as well? i have one for the external site and the external site is xxx.mydomain.edu and the internal site is servername.mydomain.local