It must be the name of the website, or domain. The reason is that if I type in https://www.domain.com, my browser will check to see if the certificate matches that. If the certificate is for webserver1.domain.com, it will not match and a popup will appear saying that the certificate is invalid or does not match. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com > -----Original Message----- > From: Rick Sambhi [mailto:rsambhi@xxxxxxxx] > Sent: Wednesday, February 26, 2003 11:54 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] What CN Name should be used when requesting a SSL Certificate. > > http://www.ISAserver.org > > > Hi all, > > I will start by outlining our environment first... > > l > l > l > ISA (.Net sever) > l (ext ip 130.x.x.x) > l (in tip 10.10.10.1) > l web publishing rule ext ip, plus www.website.com > l redirects it to 10.10.10.2 (Network load > balanced) > l > V > > 10.10.10.2 > Virtual Network Load balanced machine > l > /\ > / \ > / \ > / \ > / \ > Webserv1 Webserv2 > (ip 10.10.10.3) (ip 10.10.10.4) > > Now we cannot figure out what the CN (common name) should be on the > certificate? It is pretty straight forward if the web server was out > side of the ISA ( it would be the FQDN of the web server)... Should it > be one the web servers, get a certificate for both web servers, the name > of the website? Now if we get a SSL certificate for both servers do we > have to load both of them to our ISA server? > > Any input would be greatly appreciated.. > > Thanks > > Rick > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Exchange Server Resource Site: http://www.msexchange.org/ > Windows Security Resource Site: http://www.windowsecurity.com/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > isalist@xxxxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub')