SSL Certificates

toteman85 · November 2011

Hi I just have a simple question but I have not find any relevant information about it.

I have an Internal domain (.org) - I bought a certificate for a server but the certificate is .com (It is a wildard certificate) - I think this is possible just want to know how, I can make my server be seen as the certificate:

My server is MyServer.MyDomain.org
My Cert is *.MyDomain.com

I'll appreciate any help you can provide.

Thanks.

vCole · November 2011

toteman85 wrote: »

Hi I just have a simple question but I have not find any relevant information about it.

I have an Internal domain (.org) - I bought a certificate for a server but the certificate is .com (It is a wildard certificate) - I think this is possible just want to know how, I can make my server be seen as the certificate:

My server is MyServer.MyDomain.org
My Cert is *.MyDomain.com

I'll appreciate any help you can provide.

Thanks.

I believe, (someone correct me if I'm wrong, please!) that even if it is a wildcard certificate the domain name needs to match the cert. The wildcard is only for subdomains for that domain.

saspro · November 2011

What are you planning to use the cert for?

erpadmin · November 2011

From what I see you have two choices:

1) Make your server belong into the .com domain.

2) Contact your CA and see if you can get a *.org (wildcard or this particular servername.)

When I first started my current job, I had a similar issue. We ended up having to order certs in the names of the VIPs we are using. Much later on, instead of buying x amount of certs, we only needed one cert for each vip we were using, thanks to F5's SSL off-loading feature.

For your current situation, as you no doubt are seeing, you can't mix-match certs and servers/domains, or else you will get invalid certificate errors. If you're using wildcards, then you will need to match up the domain. (org to org OR com to com)

undomiel · November 2011

Assuming this is an application that is accessed externally as well as internally i.e. OWA; what you'll need to do is create matching internal A records to match up with names that you'll be accessing by externally as well. For example if you accessed OWA via owa.mydomain.com then internally you'll need to create an owa.mydomain.com A record and point it to your server. To simplify internal access to external sites in the mydomain.com zone though, such as www.mydomain.com, I would actually recommend creating a zone for whatever FQDN you are wanting to use like owa.mydomain.com then creating a . A record in there. Pointing it to the zone. That way you won't have as much of a headache maintaining addresses internally in addition to externally.

toteman85 · November 2011

Thanks to all for your replies:
saspro, I need to use it for Spiceworks (Web authentication)

Is there any way I can tweak this in some way using DNS? you guys see this as a possible solution? if by any chance you know how please let me know

toteman85 · November 2011

undomiel wrote: »

Assuming this is an application that is accessed externally as well as internally i.e. OWA; what you'll need to do is create matching internal A records to match up with names that you'll be accessing by externally as well. For example if you accessed OWA via owa.mydomain.com then internally you'll need to create an owa.mydomain.com A record and point it to your server. To simplify internal access to external sites in the mydomain.com zone though, such as www.mydomain.com, I would actually recommend creating a zone for whatever FQDN you are wanting to use like owa.mydomain.com then creating a . A record in there. Pointing it to the zone. That way you won't have as much of a headache maintaining addresses internally in addition to externally.

Hi Undomiel,
Thanks for your help actually your response gave me the clues I was looking for.

thanks.!

SSL Certificates

Comments