Jeff swicegood


Browsers (Chrome, Firefox, IE) will not resolve FQDNs on my local network, but all can ping FQDNs

I am trying to get various workstations to be able to go to "https://webserver1.newgoloka.local", in other words to resolve the FQDN. Just https://webserver1 without the domain name resolves fine. What I am trying to do is get SSL set up properly (just for the internal intranet). The browser will throw a warning if the name typed in the address bar does not match the exact name on the certificate.

I can also ping the FQDN from any workstation just fine. I also have a little C program that calls gethostbyname() and that works fine. I have also tried writing a little 4-line PHP file that calls gethostbyname(). That does NOT work when accessed in the browser. It works with anything other than internal FQDNs.

As far as I know my DNS server is set up properly.

Problem exists on various hosts, Windows and Linux.
DNS server: bind9 on Ubuntu 14.04
Webserver: "webserver1", Ubuntu 14.04, Kubuntu desktop installed
David Johnson, CD

Does an nslookup webserver1.newgoloka.local show you the IP of the machine that holds the Apache web server? If so, then look at your htaccess and Apache configuration.
Jeff swicegood

ASKER

Ok, that started working on its own. Now when I go to webserver1.newgoloka.local it's saying "invalid certificate authority" on my Ubuntu desktop machine. Does that mean the root certificate was not added properly?
Correct, the root certificate is not present or in the correct store.
On a Windows machine that is experiencing the problem, I'd suggest going to the command line and typing:
ipconfig /all

Look for the main network adapter (usually "Ethernet adapter Local Area Connection" if it's plugged in via an ethernet cable) and write down the entries next to "DNS Servers". Those are the servers that need to know about the "webserver1.newgoloka.local" host in order to provide a local / intranet IP address back to the requesting computer. If you have more than 1 server, then perhaps not all of them are configured to resolve local addresses (your DHCP server is normally responsible for handing out configuration, including DNS servers).
The DNS part is working. I have tried many different ways to import the root certificate, but "invalid certificate authority." I went through the whole process for the third time of generating a root cert, making a signing request, signing the cert, and configuring Apache, and finally importing the root CA certificate for use in Chrome on Linux and Windows. Let's focus on Windows. In Windows I used the MMC snap-in to manage certificates, hit import and went through the wizard. Simple enough. What could have gone wrong?
ASKER CERTIFIED SOLUTION
David Johnson, CD
Yes it does have that output, except it says "replacing" instead of "adding."
Windows, I followed the procedure, but same result.
If it is replacing then it already exists.
Where is the error message coming from? Browser / Apache?
Now it works in Windows. I was importing the wrong certificate, the signed certificate not the root cert. Still a no go in Ubuntu. Error is coming from browser.
The output from sudo update-ca-certificates looks right.
SOLUTION
Chrome, Firefox.
Chromium.
You were right, they have their own stores. Here is the solution for Chrome:

certutil -d sql:$HOME/.pki/nssdb -A -t TC -n "webserver1 CA cert" -i cacert.crt


Firefox has its own built-in certificate manager. Just import.
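
The Windows failure in this thread came from importing the signed server certificate instead of the root CA certificate. A pre-import check for that mistake, as an added example that is not part of the original thread: it assumes the `openssl` command-line tool is installed, and `server.crt` in the usage line is a placeholder file name.

```shell
#!/bin/sh
# Added example: sanity-check certificate files before importing a private root
# CA into a trust store (Windows MMC, update-ca-certificates, or an NSS db).

# is_root_ca FILE: succeeds only if FILE is a self-signed CA certificate.
is_root_ca() {
    cert=$1
    subject=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253) || return 2
    issuer=$(openssl x509 -in "$cert" -noout -issuer -nameopt RFC2253) || return 2
    # A root names itself as issuer; a signed server certificate names the CA.
    [ "${subject#subject=}" = "${issuer#issuer=}" ] || return 1
    # It must be allowed to sign other certificates.
    openssl x509 -in "$cert" -noout -text | grep -q 'CA:TRUE' || return 1
    # Its signature must verify under its own public key.
    openssl verify -CAfile "$cert" "$cert" >/dev/null 2>&1
}

# chains_to ROOT SERVER_CERT: succeeds if SERVER_CERT verifies against ROOT alone.
chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# matches_host SERVER_CERT NAME: succeeds if the certificate is valid for NAME,
# the same exact-name comparison that makes https://webserver1 and the FQDN differ.
matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Usage: ./check-ca.sh cacert.crt server.crt webserver1.newgoloka.local
if [ "$#" -eq 3 ]; then
    is_root_ca "$1" || { echo "$1 is not a self-signed CA certificate" >&2; exit 1; }
    chains_to "$1" "$2" || { echo "$2 was not issued by $1" >&2; exit 1; }
    matches_host "$2" "$3" || { echo "$2 is not valid for $3" >&2; exit 1; }
    echo "OK: $1 is the root to import"
fi
```

If the first check fails on the file you were about to import, you are holding the signed certificate rather than the root.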