AlisterHill

asked on

SSL Certificate Name Mismatch Windows Server 2012 R2 Internal CA

We have recently set up an internal CA for the purpose of internal SSL certificates (and eventually other things like Direct Access but that's for a later date...). Being new to the Certificate game, this wasn't the quickest process in the world for me.

Through group policy all of the domain computers now happily recognise the CA as a root certificate authority. The machines that I have given permission to the certificate template can also request SSL certificates through the certificate manager quite happily.

However the certificate that is issued is issued with the FQDN (webserver.domain.com), which means that when clients connect to https://webserver they get a certificate mismatch and have to connect to https://webserver.domain.com.

I am sure I may need to provide more information. But how would I go about issuing these SSL certificates from my internal CA to the computer name rather than FQDN?

Thanks
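The mismatch described in the question follows from how TLS clients compare the host typed in the URL with the DNS names listed in the certificate: the comparison is label by label, with no DNS suffix completion. The sketch below is an added example, not part of the original thread; the function names are hypothetical, the name lists are constructed from the host names in the question, and the list containing both names is a hypothetical certificate, not one the asker has.

```python
# Added example: simplified RFC 6125-style check of a URL host against the
# dNSName entries of a certificate. All sample names are constructed.

def dns_name_matches(host: str, cert_name: str) -> bool:
    """True if cert_name (one dNSName from the certificate) covers host."""
    host_labels = host.lower().rstrip(".").split(".")
    cert_labels = cert_name.lower().rstrip(".").split(".")
    # The client does not append a DNS suffix before comparing, so a short
    # name can never match an FQDN entry: label counts must be equal.
    if len(host_labels) != len(cert_labels):
        return False
    if cert_labels[0] == "*":
        # Simplification: a wildcard covers exactly one leftmost label and
        # must sit above at least two further labels.
        return len(cert_labels) > 2 and host_labels[1:] == cert_labels[1:]
    return host_labels == cert_labels


def covering_names(host, cert_dns_names):
    """Return the certificate names that cover the given host."""
    return [n for n in cert_dns_names if dns_name_matches(host, n)]


def check_urls(hosts, cert_dns_names):
    """Map each host a client might type to 'ok' or 'mismatch'."""
    return {h: ("ok" if covering_names(h, cert_dns_names) else "mismatch")
            for h in hosts}


# Constructed inputs based on the names in the question.
ISSUED = ["webserver.domain.com"]                  # certificate as described
WILDCARD = ["*.domain.com"]                        # hypothetical wildcard cert
BOTH_NAMES = ["webserver.domain.com", "webserver"]  # hypothetical two-name cert
HOSTS = ["webserver", "webserver.domain.com"]      # what clients type

if __name__ == "__main__":
    for label, names in (("issued", ISSUED), ("wildcard", WILDCARD),
                         ("both names", BOTH_NAMES)):
        print(f"{label:10} {check_urls(HOSTS, names)}")
```
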
Will Szymkowski

If you put the http://webserver URL in the local intranet sites, does this error go away? Also, can you add a DNS entry under your domain.com internal zone to webserver.domain.com so that it resolves the FQDN of the machine?

If this is only happening to a few users, what I would do is also check the network adapter settings to ensure that the parent DNS suffix is appended to flat NetBIOS names.

Will.
ASKER CERTIFIED SOLUTION
Mahesh

This solution is only available to members.
AlisterHill

ASKER

Thank you, glad to know this can't be achieved using the enrollment method I am using. I will have to read through the article and get more to grips with issuing SSL certificates.

Do you know if there is anything on the MVA with regards to this? I have done the Windows Server 2012 R2 admin courses but they didn't touch on this enough.