Solved

Self Signed Certificate SBS 2003 with multiple names

Posted on 2011-02-16
4
953 Views
Last Modified: 2012-05-11
IS it possible to have a self signed certificate with multiple name?  I bought a cert yrs ago from geo trust for sbs that allowed multiple friendly names so I could go to https://www.whatever.com   as well as https://lanserver  and not get the red bar.  Since that cert expired I have been using a self signed one, but I am unsure how to make it work for both public and local sites since they are the same site.  Right now I get the red bar because the local name doesn't match the name on the cert.  How can I fix this?  I am also using ISA 2004 so I assume I would need to add this cert to the "web listener" as well.  

I guess at the end of the day I could use the public domain name on the local network.  I just know my old cert worked so i know there is a way to make this work.  If it is going to cost I will just deal with more typing.  Just most of the SBS programs etc setup to use the local server name.  Just thought it would make life easier.
0
Comment
Question by:squashie8
  • 3
4 Comments
 
LVL 5

Accepted Solution

by:
lscarbor earned 250 total points
ID: 34916076
My understanding is that it is very difficult if not impossible in SBS 2003 to get one set up. In 2008 you can use power shell and get it done.
I've seen it done with DNS using an internal forward domain matching the external domain so that server.domain.xxx points to the ip of the internal unit. The red bar still popped up here and there because the server wasn't actually named the same as the cert request.

This isn't a bad alternative:
You can currently get a GoDaddy cert for $13. The correct type will allow multiples.  
http://www.godaddy.com/Compare/gdcompare_ssl.aspx?isc=sslqgo001a

That offer has been around one way or another for several years now if you search for coupon ssl godaddy

I'm sure there are other alternatives as well.
0
 

Author Comment

by:squashie8
ID: 34922779
I will accept your solution because I may actually go that route; However, I did find some information in a Microsoft KB.  I will post it in case it helps someone.  Since I have the certificate authority alreayd installed I may give this a shot.

http://support.microsoft.com/kb/931351 
0
 

Author Closing Comment

by:squashie8
ID: 34922787
The accepted solution was an alternative to what I wanted to do and I actually found some information that may give me the solution
0
 

Author Comment

by:squashie8
ID: 34923009
Ok just finished folloing the directions and installed the certificate on my ISA server and webserver.  Works like a champ!  Hope it helps others.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
I work for a company that primarily works with small businesses as their outsourced IT vendor. As such the majority of these customers utilize some version of Small Business Server. Due to the economics of running a small business, many of these cus…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now