Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

RD Gateway and not being able to purchase SAN Certificates with internal domain names

Posted on 2013-11-13
3
Medium Priority
?
492 Views
Last Modified: 2013-11-18
I am looking for a solution to get around the problem of not being able to purchase a new Subject alternate name SSL certificate (SAN Certificate) that contain internal (not fully qualified) domain names. EG servername.internal.local

Currently I am using a number of TS Gateway setups (or RDS Gateway for those using the new lingo) and have SAN certificates with the public DNS name then with the internal server names listed for the servers that we are connecting to internally.  Now that the CA\Browser forum rules have come into affect CA's are not issuing certificates with internal DNS names.

The last thing I want to consider is changing the internal domain name and I don't want to use self signed certificates as a number of these are accessed by people that I do not control their desktops.

Does anyone have any ideas?  Is there a way to change Gateway services to not use the internal server name but an external name using DNS trickery?

Thanks in advance.
0
Comment
Question by:Dave_IT_Fellow
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 14

Expert Comment

by:JAN PAKULA
ID: 39646402
modify that


C:\Windows\system32\drivers\etc\hosts
you need to run the editor (eg. notepad) as administrator, which you do by locating it through the Start menu and then right clicking on the editor's icon, then manually open and edit the hosts file.

#      127.0.0.1       localhost
#      ::1             localhost

You can setup as many host names as you like all pointing to your localhost, each in most cases should be accessible with the ip, 127.0.0.1.

For example:

 127.0.0.1               local.project1
 127.0.0.1               local.project2
 127.0.0.1               youcanuseany.name.here


or like you said modify local domain to match external domain (i use that myself)  ans use Split DNS

http://www.youtube.com/watch?v=yPH02ZcfFtc
0
 
LVL 2

Accepted Solution

by:
Dave_IT_Fellow earned 0 total points
ID: 39646644
Thanks for your reply,  but I have found the answer.  

My TS Farm settings needed to be externally resolvable (ts.domain.com instead of ts.domain.local),  then using a standard SSL Certificate it no long prompts with an error in the certificate name vs the server name.

This removed the requirement for needing a SAN certificate.
0
 
LVL 2

Author Closing Comment

by:Dave_IT_Fellow
ID: 39656014
I found the solution reading further forum posts saying that my TS farm name should be the same as my SSL certificate.

I tested this in a clean environment and the solution works perfectly using approved Microsoft methods.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

User Beware!  This is a rather permanent solution to removing your email from an exchange server.  The only way to truly go back is to have your exchange administrator restore your mailbox from backups.  This is usually the option of last resort.  A…
Citrix XenApp, Internet Explorer 11 set to Enterprise Mode and using central hosted sites.xml file.
The viewer will learn how to simulate a series of sales calls dependent on a single skill level and learn how to simulate a series of sales calls dependent on two skill levels. Simulating Independent Sales Calls: Enter .75 into cell C2 – “skill leve…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question