?
Solved

SSL Cert on internal Ebusiness server behind sonicwall

Posted on 2014-03-06
1
Medium Priority
?
591 Views
Last Modified: 2014-03-07
We have a Server 2008 server behind a firewall with port forwarding (80, 8080, and 443). We are running an E-business site that is intended to go Live in a few days. We ahve purchased an SSL cert from GoDaddy.

In setting up the Cert for E-biz, should the WAN address of the sonicwall be the A record for the Ebusiness site, and the certificate installed there?

Should a self-assigned certificate be installed on the server?
Should the server and sonicwall be members of the domain "example-ebiz.com"
there are no internal DNS servers for this host.
Should I install DNS on this host server and register with the ".com" domain hosted by Godaddy?

I am somewhat familiar, I just dont want to mess this up.
Thank you for your time and Knowledge.
0
Comment
Question by:chrismaksimik
1 Comment
 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 2000 total points
ID: 39912569
<<In setting up the Cert for E-biz, should the WAN address of the sonicwall be the A record for the Ebusiness site, and the certificate installed there?>>

The WAN address of the Sonicwall would be the address you'd use for the A record for the server.  So, if the host name of the server is "ebiz.domain.com," you'd create an A record for the server "ebiz" in the domain.com DNS zone, and assign the Sonicwall's IP address to that host.

The SSL certificate gets installed on the host machine, not the Sonicwall firewall.

<<Should a self-assigned certificate be installed on the server?>>

Not unless you are going to have internal users logging on to that server using SSL and using a different (i.e., local) domain name.

<<Should the server and sonicwall be members of the domain "example-ebiz.com"?>>

The server needs to be a member of the public domain, because the name on the SSL certificate has to match the name of the server or your users will get a warning message that the certificate and the server name don't match.  The Sonicwall doesn't have to be a member of the domain.  All the Sonicwall cares about is the routing of IP addresses, so it has to have a route to the internal IP address of that server.

<<Should I install DNS on this host server and register with the ".com" domain hosted by Godaddy?>>

I'm pretty sure that all you'd need to do is make the internal server a member of the domain and point your internal host's NIC to the GoDaddy DNS server(s).  However, this is something I've never dealt with, so you may want to check this with GoDaddy or perhaps someone else can answer this portion of your question with more certainty.
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A procedure for exporting installed hotfix details of remote computers using powershell
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

589 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question