Solved

Self Signed Certificate SBS 2003 with multiple names

Posted on 2011-02-16
4
955 Views
Last Modified: 2012-05-11
IS it possible to have a self signed certificate with multiple name?  I bought a cert yrs ago from geo trust for sbs that allowed multiple friendly names so I could go to https://www.whatever.com   as well as https://lanserver  and not get the red bar.  Since that cert expired I have been using a self signed one, but I am unsure how to make it work for both public and local sites since they are the same site.  Right now I get the red bar because the local name doesn't match the name on the cert.  How can I fix this?  I am also using ISA 2004 so I assume I would need to add this cert to the "web listener" as well.  

I guess at the end of the day I could use the public domain name on the local network.  I just know my old cert worked so i know there is a way to make this work.  If it is going to cost I will just deal with more typing.  Just most of the SBS programs etc setup to use the local server name.  Just thought it would make life easier.
0
Comment
Question by:squashie8
  • 3
4 Comments
 
LVL 5

Accepted Solution

by:
lscarbor earned 250 total points
ID: 34916076
My understanding is that it is very difficult if not impossible in SBS 2003 to get one set up. In 2008 you can use power shell and get it done.
I've seen it done with DNS using an internal forward domain matching the external domain so that server.domain.xxx points to the ip of the internal unit. The red bar still popped up here and there because the server wasn't actually named the same as the cert request.

This isn't a bad alternative:
You can currently get a GoDaddy cert for $13. The correct type will allow multiples.  
http://www.godaddy.com/Compare/gdcompare_ssl.aspx?isc=sslqgo001a

That offer has been around one way or another for several years now if you search for coupon ssl godaddy

I'm sure there are other alternatives as well.
0
 

Author Comment

by:squashie8
ID: 34922779
I will accept your solution because I may actually go that route; However, I did find some information in a Microsoft KB.  I will post it in case it helps someone.  Since I have the certificate authority alreayd installed I may give this a shot.

http://support.microsoft.com/kb/931351 
0
 

Author Closing Comment

by:squashie8
ID: 34922787
The accepted solution was an alternative to what I wanted to do and I actually found some information that may give me the solution
0
 

Author Comment

by:squashie8
ID: 34923009
Ok just finished folloing the directions and installed the certificate on my ISA server and webserver.  Works like a champ!  Hope it helps others.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Written by Glen Knight (demazter) as part of a series of how-to articles. Introduction One of the biggest consumers of disk space with Small Business Server 2008(SBS) is Windows Server Update Services, more affectionately known as WSUS. For t…
The SBS 2011 release date (RTM) is supposed to be around Christmas, 2011.  This article is a compilation of my notes -- things I have learned first hand.  The items are in a rather random order, but I think this list covers most of what is new and d…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question