How to install an SSL certificate for an internal site???

We have a 2003 web server and we just installed an SSL certificate onto the server for the external site. Now we get certificate errors internally when a user goes to the internal site through https.

external site is https:\\  ssl works fine

internal site is https:\\servername.domainname.local  ssl errors because the cert was for the external site

the internal and external sites are different as far as what the user types into the address bar.

How do I put a certificate on the internal site https:\\servername.domainname.local????

Do you have permission to add entries to your DNS database?
If so, you can make a CNAME entry for your servername.domainname.local, which represents your server to your internal users, so that you can call the website from inside with the same DNS name as from outside.
amoos (Author) Commented:
I added it to the trusted sites in my browser and I still get a certificate error.

My external site for my users to go to from home is https:\\\directory - this works perfectly fine, but

my internal site for my users to go to when they are at the office is https:\\servername.domainname.local\directory - this is when I get the certificate error. The certificate that I bought from GoDaddy was for the external site, not the internal site. Is there a way that I can assign a certificate to https:\\servername.domainname.local???
amoos (Author) Commented:
Yes, I can add DNS records to the database. How would I do the CNAME that you are suggesting??
DarinTCH (Senior CyberSecurity Engineer) Commented:
The cert you bought was specific to
and this is all it will resolve for... the notes on GoDaddy are very specific about this.
There are some workarounds:
1 - since you are inside your office/environment... some choose to remove the requirement of SSL
2 - you could generate your own certificate - internal usage only
3 - redirection - as mentioned above - is an option
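
Why the internal URL fails, as an added example that is not part of the original thread: the client compares the host name typed into the address bar with the names inside the certificate, whichever DNS record that name resolves through. `www.example.com` and both sample certificates are constructed placeholders, since the thread does not give the external name.

```python
# Added illustration (not from the thread): simplified RFC 6125-style name check.
# www.example.com is a placeholder for the external name, which the thread omits.

def dns_name_matches(pattern, hostname):
    """True if a certificate DNS name covers the host name the user typed."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):          # a wildcard stands for exactly one label
        return False
    if p[0] == "*":
        # Reject over-broad wildcards such as "*.local" or "*.com".
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_names(cert):
    """DNS names in a dict shaped like ssl.SSLSocket.getpeercert() output."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    # Legacy fallback to the subject CN; current browsers require a SAN entry.
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]


def host_is_covered(cert, typed_host):
    """The check is against the typed name, not whatever DNS resolves it to."""
    return any(dns_name_matches(n, typed_host) for n in cert_names(cert))


# Constructed sample certificates.
PURCHASED = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "example.com")),
}
SELF_SIGNED = {"subject": ((("commonName", "servername.domainname.local"),),)}

if __name__ == "__main__":
    for label, cert in (("purchased", PURCHASED), ("self-signed", SELF_SIGNED)):
        for host in ("www.example.com", "servername.domainname.local"):
            verdict = "ok" if host_is_covered(cert, host) else "name mismatch"
            print(f"{label:12} {host:30} {verdict}")
```

A name match is only one of the checks: a self-signed certificate that matches the internal name still has to be trusted by each client before the warning goes away.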
amoos (Author) Commented:
How do I do numbers 1 and 2 that you mentioned?? Great help.
amoos (Author) Commented:
I am sorry, I meant how do I do numbers 2 and 3 that you mentioned. Sorry.
try the DNS redirection
see for details..

you have to create a new forward lookup zone for
Afterwards you can create a CNAME record in this zone where the alias is xxx and the FQDN is servername.domainname.local
DarinTCH (Senior CyberSecurity Engineer) Commented:
#2 - some others recently posted these good answers:
Use the utility "selfssl", which is in the "IIS 6.0 Resource Kit Tools"; with it you can create your certificate on your IIS server.

The concrete steps are:

1. exec "Metabase Explorer\MBExplorer.exe" to get your ID application (IIS application), you must search the ID list and find your domain name inside.

2. run "SelfSSL\selfssl.exe" like

selfssl /T /N:CN=YOUR_DOMAIN /V:365 /S:YOUR_ID_APP

365 is the number of days available.
And... that's all.

On the client it is easier.
Open IE and go to your application URL "https://www....". IE will alert you, but you can view the certificate; then click on install certificate.

amoos (Author) Commented:
OK, maybe I am doing this wrong. When I follow the instructions, I right-click on the forward lookup zone for the .local and then click new CNAME; when the new window comes up I can only enter information for .local addresses.

What am I missing??
How do I redirect servername.domainname.local to
DarinTCH (Senior CyberSecurity Engineer) Commented:
Also, if you are mainly an MS shop, here is another option:

generate the certificates using Windows Certificate Services,
this website has a pretty easy explanation of how to generate test certificates using the IIS resource kit -

On Windows clients you have to manually add your certificate to the "Trusted Root Certificate Providers" in IE, then it will happily accept it. In IE it's via the "tools" menu - "internet options" - "content" tab - certificates button. You can then import your certificate file into the relevant store. In IE6 you used to be able to just browse to the site and select "more information" when presented with the certificate warning, then import it from there, but IE7 is a bit more picky - related to whether it is in the Trusted zone.
create a new forward lookup zone for
amoos (Author) Commented:
Now, doing what was talked about in making my own self-signed SSL certificate, will it mess up the certificate that I already have on the server for the external site??? Can I have both of these certs running at the same time on the same server?? Awesome links.
DarinTCH (Senior CyberSecurity Engineer) Commented:
Yes, you can have multiple certs.
Ideally you will only need one on the local client.
amoos (Author) Commented:
How can I put one on the local site as well? I have one for the external site and the external site is and the internal site is servername.mydomain.local