Subject: | |
From: | |
Reply To: | James B. Byrne |
Date: | Thu, 25 Sep 2008 11:17:54 -0400 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
> A fourth case, which I just encountered, is if you buy a cheap domain cert
> from GoDaddy or somesuch and your web server is behind a firewall or NAT
> router. The address of the web server is known to the world as
> www.domain.com but the webserver is known locally on your network as
> something like shemp.mycompany.local. The FQDN on the certificate and
> the FQDN of the web server must match or the browser will throw an error.
> In ISA, there's a setting indicating where web requests should be redirected
> and what the return headers should look like. In order to get this to work,
> one has to forward requests to the external domain (www.domain.com) but
> that causes an endless loop in the ISA. The trick is to add an entry to the
> host file on the ISA machine that points www.domain.com to the local
> IP address bypassing DNS and preventing the looping error. (The service
> must be restarted before this works).
It would be easier, I believe, to simply use the subjectAltName argument in
the certificate signing request to specify all of the DNS CNAMEs and IP
addresses that the certificate might be associated with.
Regards,
--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:[log in to unmask]
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
|
|
|