RE: What CN Name should be used when requesting a SSL Certificate.

• From: "John Tolmachoff" <isalist@xxxxxxxxxxxx>
• To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
• Date: Wed, 26 Feb 2003 11:59:46 -0800

It must be the name of the website, or domain. The reason is that if I type
in https://www.domain.com, my browser will check to see if the certificate
matches that. If the certificate is for webserver1.domain.com, it will not
match and a popup will appear saying that the certificate is invalid or does
not match.

John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA  92835
www.reliancesoft.com

> -----Original Message-----
> From: Rick Sambhi [mailto:rsambhi@xxxxxxxx]
> Sent: Wednesday, February 26, 2003 11:54 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] What CN Name should be used when requesting a SSL
Certificate.
> 
> http://www.ISAserver.org
> 
> 
> Hi all,
> 
> I will start by outlining our environment first...
> 
>               l
>               l
>               l
>                ISA    (.Net  sever)
>               l       (ext ip 130.x.x.x)
>               l       (in tip 10.10.10.1)
>               l       web publishing rule ext ip, plus www.website.com
>               l               redirects it to 10.10.10.2 (Network load
> balanced)
>               l
>                  V
> 
>       10.10.10.2
> Virtual Network Load balanced machine
>               l
>               /\
>                  /   \
>                 /          \
>                /         \
>                     /           \
> Webserv1              Webserv2
> (ip 10.10.10.3)                  (ip 10.10.10.4)
> 
> Now we cannot figure out what the CN (common name) should be on the
> certificate? It is pretty straight forward if the web server was out
> side of the ISA ( it would be the FQDN of the web server)... Should it
> be one the web servers, get a certificate for both web servers, the name
> of the website? Now if we get a SSL certificate for both servers do we
> have to load both of them to our ISA server?
> 
> Any input would be greatly appreciated..
> 
> Thanks
> 
> Rick
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Exchange Server Resource Site: http://www.msexchange.org/
> Windows Security Resource Site: http://www.windowsecurity.com/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> isalist@xxxxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » What CN Name should be used when requesting a SSL Certificate.
• » RE: What CN Name should be used when requesting a SSL Certificate.
• » RE: What CN Name should be used when requesting a SSL Certificate.
• » RE: What CN Name should be used when requesting a SSL Certificate.
• » RE: What CN Name should be used when requesting a SSL Certificate.
• » RE: What CN Name should be used when requesting a SSL Certificate.

1. Home
2. isalist
3. Archive
4. 02-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---