Godaddy certificate help???
Hi,
I have created a Go Daddy certificate and assigned it to Remote.CompanyName.Co.Uk. However the autherization has failed with go daddy. some of the details dont match. Go Daddy has sent a email explaining how we can create a cname with a special code (which they attached with the email) to prove we have control of the site.
These are the instructions go daddy sent us.
Domain Zone Control Validation w/CNAME
1. Access the DNS records for your domain name and create a "CNAME" (defined below) using the special code you received in your email.
2. After you have created the CNAME using the special code, log into your account, and click on the pending request for your common name. You will be presented with several options. Click on the link “Domain Zone Control w/CNAME”. If your CNAME entry is unable to be verified, you will be presented with an error, otherwise you will be taken back to the main certificate management page. Please allow a few minutes for the status of your account to be updated.
What would we enter for our cname? lets say our special code was xxxx. On our DNS control panel provided by our suppier we have "Origin", "Target", TTL?
I have created a Go Daddy certificate and assigned it to Remote.CompanyName.Co.Uk. However the autherization has failed with go daddy. some of the details dont match. Go Daddy has sent a email explaining how we can create a cname with a special code (which they attached with the email) to prove we have control of the site.
These are the instructions go daddy sent us.
Domain Zone Control Validation w/CNAME
1. Access the DNS records for your domain name and create a "CNAME" (defined below) using the special code you received in your email.
2. After you have created the CNAME using the special code, log into your account, and click on the pending request for your common name. You will be presented with several options. Click on the link “Domain Zone Control w/CNAME”. If your CNAME entry is unable to be verified, you will be presented with an error, otherwise you will be taken back to the main certificate management page. Please allow a few minutes for the status of your account to be updated.
What would we enter for our cname? lets say our special code was xxxx. On our DNS control panel provided by our suppier we have "Origin", "Target", TTL?
ASKER
my problem is im not sure what im suppose to be telling my hosting provider. I dont understand what go daddy are asking me to do. The hosting provider have 3 fields (below) to create Cnames, what should i tell them i want in those fields?
Fields are:
Origin
Target
TTL
Fields are:
Origin
Target
TTL
Origin = FQDN of machine that you're going to CNAME
Target = CNAME you wish to use for your Cert
TTL = Time To Live setting, this can be set at roughly 2 days, that way DNS servers will check for a change in DNS setting for that name every 2 days. This is about the norm. If you were planning on switching CNAMES all the time you would want to tweak that a bit more, common setting though is about 2 days.
Shooter
Target = CNAME you wish to use for your Cert
TTL = Time To Live setting, this can be set at roughly 2 days, that way DNS servers will check for a change in DNS setting for that name every 2 days. This is about the norm. If you were planning on switching CNAMES all the time you would want to tweak that a bit more, common setting though is about 2 days.
Shooter
First I think GoDaddy's instructions to you are if they are the ones hosting your DNS but from your input it doesn't look like they are.
Second a CNAME will not resolve a FQDN mis-match between the certificate and host name being entered into the browser. If the user is going to Remote.CompanyName.Co.Uk and the certificate is for Host1.CompanyName.Co.Uk a CNAME will only help them resolve the IP address but the browser with still complain that the host name and certificate do not match. CNAMEs do not redirect the users to the correct host name.
Second a CNAME will not resolve a FQDN mis-match between the certificate and host name being entered into the browser. If the user is going to Remote.CompanyName.Co.Uk and the certificate is for Host1.CompanyName.Co.Uk a CNAME will only help them resolve the IP address but the browser with still complain that the host name and certificate do not match. CNAMEs do not redirect the users to the correct host name.
There should be no mismatch as the website should have the host header information pointing to the CNAME and not the FQDN.
The CNAME target has no baring on the SSL Certificate. The FQDN/Hostname in the URL needs to match the common name on the Certificate.
So again. If the user is pointing to Remote.CompanyName.Co.Uk and the certificate is for Host1.CompanyName.Co.Uk they will get a SSL warning. Creating a CNAME record: 'Remote.CompanyName.Co.Uk CNAME Host1.CompanyName.Co.Uk' will not resolve the certificate warning generated by the application when it received the certificate from the server containing the common name Host1.CompanyName.Co.Uk , but the URL in the browser or application contains the FQDN: Remote.CompanyName.Co.Uk.
So again. If the user is pointing to Remote.CompanyName.Co.Uk and the certificate is for Host1.CompanyName.Co.Uk they will get a SSL warning. Creating a CNAME record: 'Remote.CompanyName.Co.Uk CNAME Host1.CompanyName.Co.Uk' will not resolve the certificate warning generated by the application when it received the certificate from the server containing the common name Host1.CompanyName.Co.Uk , but the URL in the browser or application contains the FQDN: Remote.CompanyName.Co.Uk.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
CNAME records are just a way for outside people to find the server that you're running your service on, the example above is one of the most common as many people have company hosted websites that are on a server in their network.
I'm sure your provider would be more then willing to help you setup a CNAME, just give them a ring.
Shooter