SSL Certificate Name Mismatch Windows Server 2012 R2 Internal CA

We have recently set up an internal CA for the purpose of internal SSL certificates (and eventually other things like Direct Access, but that's for a later date...). Being new to the Certificate game, this wasn't the quickest process in the world for me.

Through group policy all of the domain computers now happily recognise the CA as a root certificate authority. The machines that I have given permission to the certificate template can also request SSL certificates through the certificate manager quite happily.

However the certificate that is issued is issued with the FQDN (webserver.domain.com), which means that when clients connect to https://webserver they get a certificate mismatch and have to connect to https://webserver.domain.com.

I am sure I may need to provide more information. But how would I go about issuing these SSL certificates from my internal CA to the computer name rather than FQDN?

Thanks
AlisterHill Asked:
Will Szymkowski, Senior Solution Architect, Commented:
If you put the http://webserver URL in the local intranet sites, does this error go away? Also, can you add a DNS entry under your domain.com internal zone to webserver.domain.com so that it resolves the FQDN of the machine?

If this is only happening to a few users, what I would do is also check the network adapter settings as well to ensure that the parent DNS suffix is appended to flat NetBIOS names.

Will.
Mahesh, Architect, Commented:
If the certificate is issued with www.webserver.com and the user is accessing it with simply webserver, then obviously a name mismatch will occur.

To avoid this, request the certificate with the subject name as "webserver" and the alternate name as "www.webserver.com" so that both names will work without any errors.

If you have configured certificate enrollment through GPO, it won't give you a cert with "webserver" as the subject name.

You need to manually request the cert from a custom MMC console on the server:
http://blogs.technet.com/b/isablog/archive/2011/10/09/how-to-generate-a-certificate-with-subject-alternative-names-san.aspx
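
A scripted equivalent of the manual request described in the answer above, as an added example that is not part of the thread: it asks the internal CA for a certificate whose subject is the short name and whose SAN carries both names, then checks that the issued certificate really contains them. The template name `InternalWebServer` is a placeholder, and the example assumes that template is set to take the subject from the request and that the server has Enroll permission on it.

```powershell
# Added example, run elevated on the web server (PKI module, Windows Server 2012 or later).
$Template  = 'InternalWebServer'        # placeholder template name, not from the thread
$ShortName = 'webserver'                # name users type: https://webserver
$Fqdn      = 'webserver.domain.com'     # name the current certificate was issued to

# Subject = short name; both names go into the Subject Alternative Name (SAN)
# extension, so either URL matches the certificate.
$enroll = Get-Certificate -Template $Template `
    -SubjectName "CN=$ShortName" `
    -DnsName $ShortName, $Fqdn `
    -CertStoreLocation 'Cert:\LocalMachine\My'

if ($enroll.Status -ne 'Issued') {
    throw "Request was not issued (status: $($enroll.Status)). Check template permissions and pending requests on the CA."
}

# Verify the result instead of trusting the request: a template that builds the
# subject from Active Directory ignores the names supplied above.
$cert = $enroll.Certificate
$san  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
if (-not $san) {
    throw 'Issued certificate has no SAN extension; the template did not honour the requested names.'
}

$sanText = $san.Format($true)           # one "DNS Name=<value>" entry per line
foreach ($name in $ShortName, $Fqdn) {
    # Match the whole entry so "webserver" is not satisfied by "webserver.domain.com".
    if ($sanText -notmatch "(?m)=$([regex]::Escape($name))\s*$") {
        throw "Issued certificate SAN is missing '$name'."
    }
}

# Thumbprint to select when binding the certificate to the HTTPS site.
Write-Output ("Issued {0} with SAN entries:`n{1}" -f $cert.Thumbprint, $sanText)
```

A template that accepts a requester-supplied subject will issue any name the requester asks for, so keep its Enroll permission limited to the servers that need it.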

AlisterHill, Author, Commented:
Thank you, glad to know this can't be achieved using the enrollment method I am using. I will have to read through the article and get more to grips with issuing SSL certificates.

Do you know if there is anything on the MVA with regards to this? I have done the Windows Server 2012 R2 admin courses but it didn't touch on this enough.