Solved

ssl cert for AD intranet without domain name ?

Posted on 2013-05-14
5
665 Views
Last Modified: 2013-11-19
Hi.  I'm new to SSL & web development so here's my situation/question :

We have IIS set up on an internal Active Directory domain called "mybiz.local" where we have many Windows Servers (IIS7 hosting intranet apps, SQL, fileservers, etc.)  Applications on these servers can get out to the Internet.  We have a firewall appliance in place.

Our website "mybiz.com" is hosted on Bluehost, and that website is completely separate from the internal servers at mybiz.local -- mybiz.com is just a few webpages with no data or connectivity to our actual company servers.

We are going to put a .NET application on the mybiz.local IIS server.  This app will send and receive credit card transactions to third-party credit card processor "FirstData".   FirstData requires we have an SSL cert.

My assumption: Since the SSL cert is for a server with no real web address, will that work?  I mean, our IIS server has an internal address (10.9.8.7), and our location has a fixed Internet IP (72.72.72.72) but no registered domain name points to that IP.

Is there an SSL cert that works in this instance?
Do I need to register another domain name to point to our "internal network" ?  Or perhaps point a subdomain like "myiis.mybiz.com" to our IP & internal IIS server?

Thanks.
(note: all names and IP addresses have been changed to protect the innocent)
0
Comment
Question by:Rob Rudloff
5 Comments
 
LVL 34

Assisted Solution

by:Paul MacDonald
Paul MacDonald earned 185 total points
ID: 39164846
SSL certificates can be issued for IP addresses.  If you don't want to acquire a domain name for your public interface, you can just have FirstData connect to the IP address at port 443.
0
 
LVL 33

Accepted Solution

by:Dave Howe
Dave Howe earned 215 total points
ID: 39164986
As PaulMacd says, an IP address is valid for SSL - effectively, at some point the person relying on the SSL is going to visit https://<Some_IP_Or_Domain_Name>/ so <Some_IP_Or_Domain_Name> is going to need to be in the SSL cert (or validation will fail for bad site name matching).

Might be worth asking FirstData what the SSL cert is *for* - if it is to protect inbound data (as in customers logging in etc) and you don't actually DO that, then they may waive the requirement.  

Conversely, if the payment processor needs to connect to you, ask if you can use a self-issued cert or if they will issue you a cert - and save the cost and awkwardness of setting it up :)
0
 

Author Comment

by:Rob Rudloff
ID: 39167054
I am assuming that after we send some data to FirstData, they will send back a reply with a Credit Card approval code, transaction number, etc.    So, when we send our credit card data, is an SSL cert being sent along too, or a pointer/reference to our SSL cert?    

I understand that SSL-secured data is sent through Port 443, and that data is using the SSL protocol.   So, if I have port 443 open in my firewall, does that port need to point/forward to a specific "certificate server" or something?  

I believe we use port 443 for our SSL VPN, but I believe we have a "self-issued cert" for our VPN ... I am pretty sure we can change the VPN to use some other port, if need be.
0
 
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 215 total points
ID: 39167597
Usually, if you are connecting to them, it's *their* SSL certificate (if any) that is used.

Your SSL certificate is used only for inbound connections to you, but some (most, except those that use a redirect to accept the CC data directly) merchants demand that the data entry path used by the customers be secure - so your app that accepts CC data may need to be secured by SSL before they will enable your account.
0
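The two points made in this thread (the name or IP the client types into the URL has to appear in the certificate, and that check is applied to whichever side is the TLS *server*, so an outbound connection to the processor validates *their* certificate, not yours) can be shown with a small name-matching routine. This is an added example, not code from the question or from either answer; it uses the placeholder names and addresses from the question (myiis.mybiz.com, 72.72.72.72, 10.9.8.7) and two constructed certificate descriptions laid out the way Python's `ssl` module's `getpeercert()` reports Subject Alternative Name entries.

```python
import ipaddress

# Constructed certificate descriptions, in the shape ssl.SSLSocket.getpeercert()
# returns them: "subjectAltName" is a tuple of (type, value) pairs. The host
# names and IPs are the placeholders from the question, not real systems.
CERT_WITH_DNS_ONLY = {
    "subject": ((("commonName", "myiis.mybiz.com"),),),
    "subjectAltName": (("DNS", "myiis.mybiz.com"),),
}
CERT_WITH_DNS_AND_IP = {
    "subject": ((("commonName", "myiis.mybiz.com"),),),
    "subjectAltName": (("DNS", "myiis.mybiz.com"), ("IP Address", "72.72.72.72")),
}


def _dns_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style dNSName comparison: case-insensitive, and a wildcard is
    honoured only as the entire left-most label (so *.mybiz.com covers
    myiis.mybiz.com but not a.b.mybiz.com, and *.com covers nothing)."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def name_matches_cert(cert: dict, reference: str) -> bool:
    """True if `reference` (the host part of the URL the client connected to)
    is covered by the certificate's SAN entries.

    An IP literal is compared only against 'IP Address' entries and a host
    name only against 'DNS' entries. A cert listing just myiis.mybiz.com does
    not cover https://72.72.72.72/, even if that name resolves to that IP;
    that is the "bad site name matching" failure the accepted answer warns of."""
    try:
        ip = ipaddress.ip_address(reference.strip("[]"))
    except ValueError:
        ip = None
    for kind, value in cert.get("subjectAltName", ()):
        if ip is not None and kind == "IP Address":
            try:
                if ipaddress.ip_address(value) == ip:
                    return True
            except ValueError:
                continue
        elif ip is None and kind == "DNS":
            if _dns_matches(value, reference):
                return True
    return False


def check_connection(cert: dict, reference: str) -> str:
    """Summarise what a browser, or the processor's client connecting inbound
    to you, would conclude from the server certificate it was presented."""
    if name_matches_cert(cert, reference):
        return f"ok: {reference} is in the certificate's SAN"
    return f"fail: {reference} is not in the certificate's SAN (hostname mismatch)"


if __name__ == "__main__":
    cases = (("DNS-only cert", CERT_WITH_DNS_ONLY), ("DNS+IP cert", CERT_WITH_DNS_AND_IP))
    for cert_name, cert in cases:
        for ref in ("myiis.mybiz.com", "MYIIS.mybiz.com", "72.72.72.72", "10.9.8.7"):
            print(f"{cert_name:13} {ref:16} -> {check_connection(cert, ref)}")
```

Running it shows the DNS-only certificate passing for myiis.mybiz.com (in either case) and failing for the public IP, while the certificate that also carries an `IP Address` entry passes for 72.72.72.72; the internal 10.9.8.7 fails against both. Name matching is only half of what a client checks: the issuer chain must also be trusted, which is why the answer suggests asking the processor whether a self-issued certificate is acceptable or whether they will issue one, since a self-issued one will pass the name check here but not the chain check on their side.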
 

Author Closing Comment

by:Rob Rudloff
ID: 39167626
Thanks.  That points me in the right direction with all this.  I will try to post a description of what is ultimately put in place for us.
0
