SSL Certificate for LDAPS when FQDN and public DNS are different

I need to configure our Domain Controller for LDAPS as we are trying to use LDAP to authenticate users to an external website (outside of the domain). The problem is that the Domain Controller's FQDN is EXAMPLE.company.local while the public DNS record for the system is EXAMPLE.company.com.

Based on an article on Microsoft's website (http://support.microsoft.com/kb/931351), it appears that I need to include a SAN Attribute to the Certificate (we are going to use a third-party certificate if that makes a difference). I am unsure as to what records should be listed on the cert or if having the SAN Attribute will actually work.

Should the "primary" record be EXAMPLE.company.com and the SAN Attribute be EXAMPLE.company.local? Will having the SAN Attribute allow LDAPS to function properly?
MortgageCenter Asked:
 
Chad Franks, Senior System Engineer, Commented:
The primary will be EXAMPLE.company.com and the SAN name will be EXAMPLE.company.local - if it's not that way then users will get a Certificate mismatch error
0
 
MortgageCenter, Author, Commented:
Chad,

Just to be sure, if I purchase a certificate from a third-party (ex: GoDaddy.com) that includes EXAMPLE.company.com and has EXAMPLE.company.local as the SAN, that certificate will be installed onto the LDAP server (using these instructions: http://support.microsoft.com/kb/321051) and will allow the external website to make LDAPS requests without error?
0
 
Chad Franks, Senior System Engineer, Commented:
You are correct.
0
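Added example, not part of the thread or of the Microsoft articles it links: the name check that a TLS client following RFC 6125 applies to the certificate the LDAPS server presents, written in Python. The certificate dicts are constructed samples in the shape returned by `ssl.SSLSocket.getpeercert()`, the function names are hypothetical, and the hostnames are the thread's own examples. It shows that once a DNS entry exists in the SAN extension the subject CN is no longer consulted, so every name a client connects with has to appear in the SAN list.

```python
# Added example: which certificate names a client compares against the
# hostname it dialled. Sample certs are constructed, not real certificates.

def reference_names(cert):
    """Per RFC 6125: use the DNS SAN entries if any exist, else fall back to CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans  # CN is ignored once a DNS SAN is present
    return [v for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive label match; '*' is allowed only as the left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_covers(cert, host):
    """True if the client would accept this certificate for `host`."""
    return any(name_matches(n, host) for n in reference_names(cert))

CN = ((("commonName", "EXAMPLE.company.com"),),)

# Constructed: public name as subject, both names listed in the SAN extension.
BOTH = {"subject": CN,
        "subjectAltName": (("DNS", "EXAMPLE.company.com"),
                           ("DNS", "EXAMPLE.company.local"))}
# Constructed: public name only in the subject, SAN lists just the internal name.
SAN_LOCAL_ONLY = {"subject": CN,
                  "subjectAltName": (("DNS", "EXAMPLE.company.local"),)}
# Constructed: no SAN extension at all, so the CN fallback applies.
CN_ONLY = {"subject": CN}

if __name__ == "__main__":
    for label, cert in (("BOTH", BOTH), ("SAN_LOCAL_ONLY", SAN_LOCAL_ONLY),
                        ("CN_ONLY", CN_ONLY)):
        for host in ("example.company.com", "example.company.local"):
            print(f"{label:15} {host:24} covered={cert_covers(cert, host)}")
```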
 
MortgageCenter, Author, Commented:
Chad,

Thank you for all of your assistance. I greatly appreciate it!
0
 
cruzzmsl Commented:
So as of 11/1/2015 the CAs will no longer issue a certificate with an intranet name as the SAN.
What to do now?
0
Question has a verified solution.
