Solved

Remote desktop farm with wildcard cert

Posted on 2011-03-13
3
1,358 Views
Last Modified: 2013-11-21
Hi,
I have setup a remote desktop farm

Gateway: gateway.mydomain.org --> gw01.internal.local,gw02.internal.local
RD farm : farm.nlb.mydomain.org --> rd01.internal.local,rd02.internal.local,rd03.internal.local,rd04.internal.local

I have assigned a wildcard cert to all the remote desktop servers and the gateway servers but seem to have a little problem.

I get a cert error "Name mismatch"
requested remote computer
farm.nlb.mydomain.org
Name in the certificate from the remote computer
*.mydomain.org

Do i need to buy another wildcard cert to use on the remote desktop servers or do i need to do some thing else ?
Can i wildcard cert not be used on child domains?
0
Comment
Question by:dkSoftware
  • 2
3 Comments
 

Author Comment

by:dkSoftware
ID: 35126945
Has no one faced this issue before ?
0
 
LVL 34

Accepted Solution

by:
Dave_Dietz earned 500 total points
ID: 35131135
The problem is that the URl doesn't conform to the wildcard specification.

*.mydomain.org will match for server1.mydomain.org, thatcomputer.mydomain.org, otherserver.mydomain.org but does not match bobs.computer.mydomain.org.

A wildcard certificate can only use a wildcard for the leftmost entity of the host portion fo the URI and there can be no dots in that entity.  To match farm.nlb.mydomain.org you would need a certificate for *.nlb.mydomain.org which would then work for fram.nlb.mydomain.org, farm2.nlb.mydomain.org, etc.

To have a certificate that works for both gateway.mydomain.org and farm.nlb.mydomain.org you will need to get a SAN certificate that specifies those DNS names in the Subject Alternate Field and install that certificate on your servers instead.

Dave Dietz
0
 

Author Comment

by:dkSoftware
ID: 35134133
Thank you very much for this.
This confirms my theory and I will purchase another wildcard cert. to solve my problem :)
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Imagine a situation that you have installed SSL (http://en.wikipedia.org/wiki/Secure_Sockets_Layer) Certificate on your Cisco ASA (Cisco Adaptive Security Appliance) firewall. Installation of SSL certificate on ASA is an another topic for which you …
OfficeMate Freezes on login or does not load after login credentials are input.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

947 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now