Solved

How to install an SSL certificate for an internal site???

Posted on 2008-11-12
Last Modified: 2012-05-05
We have a 2003 web server and we just installed an SSL certificate onto the server for the external site. Now we get certificate errors internally when a user goes to the internal site through HTTPS.

External site is https://xxx.domainname.edu - SSL works fine.

Internal site is https://servername.domainname.local - SSL errors because the cert was for the external site.

The internal and external sites are different as far as what the user types into the address bar.

How do I put a certificate on the internal site https://servername.domainname.local????
0
Question by:amoos
16 Comments
 
LVL 13

Expert Comment

by:leegclystvale
ID: 22941396
0
 
LVL 8

Expert Comment

by:mikainz
ID: 22941454
Do you have permission to add entries to your DNS database?
If so, you can make a CNAME entry for your servername.domainname.local which represents your server as xxx.domainname.edu to your internal users, so that you can call the website from inside with the same DNS name as from outside.
 
0
 

Author Comment

by:amoos
ID: 22941517
I added it to the trusted sites in my browser and I still get a certificate error.

My external site for my users to go to from home is https://xxx.domainname.edu/directory - this works perfectly fine, but

my internal site for my users to go to when they are at the office is https://servername.domainname.local/directory - this is when I get the certificate error. The certificate that I bought from GoDaddy was for the external site, not the internal site. Is there a way that I can assign a certificate to https://servername.domainname.local???
0

 

Author Comment

by:amoos
ID: 22941540
Yes, I can add DNS records to the database. How would I do the CNAME that you are suggesting??
0
 
LVL 12

Expert Comment

by:DarinTCH
ID: 22941609
The cert you bought was specific to
xxx.yyy.edu
and this is all it will resolve for... the notes on GoDaddy are very specific about this.
There are some workarounds:
1 - since you are inside your office/environment, some choose to remove the requirement of SSL
2 - you could generate your own certificate - internal usage only
3 - redirection - as mentioned above - is an option
0
 

Author Comment

by:amoos
ID: 22941639
How do I do numbers 1 and 2 that you mentioned?? Great help.
0
 

Author Comment

by:amoos
ID: 22941664
I am sorry, I meant how do I do numbers 2 and 3 that you mentioned. Sorry.
0
 
LVL 8

Accepted Solution

by:
mikainz earned 1000 total points
ID: 22941690
Try the DNS redirection.
See http://support.microsoft.com/kb/323445/en-us for details.
0
 
LVL 8

Expert Comment

by:mikainz
ID: 22941731
You have to create a new forward lookup zone for domainname.edu.
Afterwards you can create a CNAME record in this zone where the alias is xxx and the FQDN is servername.domainname.local.
HTH
0
 
LVL 12

Expert Comment

by:DarinTCH
ID: 22941738
#2 - some others recently posted these good answers:
Use the utility "selfssl", which is in the "IIS 6.0 Resource Kit Tools"; with it you can create your certificate on your IIS server.

The concrete steps are:

1. Run "Metabase Explorer\MBExplorer.exe" to get the ID of your application (IIS application); you must search the ID list and find your domain name inside.

2. Run "SelfSSL\selfssl.exe" like

selfssl /T /N:CN=YOUR_DOMAIN /V:365 /S:YOUR_ID_APP

365 is the number of days available.
And... that's all.

On the client it is easier.
Open IE and go to your application URL "https://www....". IE will alert you, but you can read the certificate; then click on install certificate.


0
 

Author Comment

by:amoos
ID: 22941745
OK, maybe I am doing this wrong. When I follow the instructions, I right-click on the forward lookup zone for the .local and then click new CNAME; when the new window comes up I can only enter information for .local addresses.

What am I missing??
How do I redirect servername.domainname.local to xxx.domainname.edu??
0
 
LVL 12

Expert Comment

by:DarinTCH
ID: 22941761
Also, if you are mainly an MS shop, here is another option:

Generate the certificates using Windows Certificate Services.
This website has a pretty easy explanation of how to generate test certificates using the IIS resource kit - http://www.somacon.com/p42.php

On Windows clients you have to manually add your certificate to the "Trusted Root Certificate Providers" in IE, then it will happily accept it. In IE it's via the "Tools" menu - "Internet Options" - "Content" tab - Certificates button. You can then import your certificate file into the relevant store. In IE6 you used to be able to just browse to the site and select "more information" when presented with the certificate warning, then import it from there, but IE7 is a bit more picky - related to whether it is in the Trusted zone.
0
 
LVL 8

Expert Comment

by:mikainz
ID: 22941795
Create a new forward lookup zone for domainname.edu.
0
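
The DNS steps from the accepted approach (new forward lookup zone, then the CNAME), scripted with dnscmd as an added example that is not part of any post in this thread. It uses the thread's placeholder names and assumes an AD-integrated zone and that dnscmd from the Windows Support Tools is installed on the internal DNS server.

```bat
@echo off
rem Added example, not from the original thread. Names are the thread's placeholders.
rem Assumption: run on the internal DNS server; the zone is stored in Active Directory.
rem For a file-backed zone use "/Primary /file domainname.edu.dns" instead of /DsPrimary.

set ZONE=domainname.edu
set ALIAS=xxx
set TARGET=servername.domainname.local

rem 1. Create the forward lookup zone for the external domain on the internal server.
rem    The CNAME cannot be created inside the .local zone, which is why the
rem    "New CNAME" dialog on that zone only accepts .local names.
dnscmd /ZoneAdd %ZONE% /DsPrimary
if errorlevel 1 goto fail

rem 2. Alias xxx.domainname.edu to the internal host (trailing dot = fully qualified).
dnscmd /RecordAdd %ZONE% %ALIAS% CNAME %TARGET%.
if errorlevel 1 goto fail

rem 3. The internal server now answers authoritatively for ALL of domainname.edu.
rem    Any other public name in that domain that internal users need must be
rem    added to this zone as well, or it will stop resolving from inside.
dnscmd /EnumRecords %ZONE% @

rem 4. Check the answer internal clients will get.
nslookup %ALIAS%.%ZONE% 127.0.0.1

rem Users must then browse to https://xxx.domainname.edu from inside too.
rem The browser compares the name in the address bar with the certificate,
rem so https://servername.domainname.local keeps failing the name check.
goto :eof

:fail
echo DNS change failed; later steps were skipped.
exit /b 1
```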
 

Author Comment

by:amoos
ID: 22941934
Now, doing what was talked about in making my own self-signed SSL certificate, will it mess up the certificate that I already have on the server for the external site??? Can I have both of these certs running at the same time on the same server?? Awesome links.
0
 
LVL 12

Expert Comment

by:DarinTCH
ID: 22942169
Yes, you can have multiple certs.
Ideally you will only need one on the local client.
0
 

Author Comment

by:amoos
ID: 23087149
How can I put one on the local site as well? I have one for the external site, and the external site is xxx.mydomain.edu and the internal site is servername.mydomain.local.
0


Question has a verified solution.
