|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
SSL warning message for Intranet siteHi,
I have an intranet site that is set up using ssl 128bit encryption (using my own certificate server- windows 2003 server (so thats iis 6.0) The name i used set for the 'issued to' part is its fqdn (intranet.domain.co.uk) when using the FQDN (https://intranet.domain.co.uk) it works fine without any errors. When using it internally I want people to just type https://intranet. This works but they receive an error saying the name doesnt match the name on the certificate, cliick yes to continue. Is there a way round this? I cant think of one ........help!! P.s I have another question but will create a new thread for that. Fell free to ansa both :) I'm not 100% sure whether this will work, but IIRC it does.
Ensure that "intranet" by itself isn't resolvable. Ensure that the client's TCP/IP DNS settings are configured to automatically append the "domain.co.uk" suffix. Then, when the user types in "intranet", the machine will also try "intranet.domain.co.uk" (by automatically appending the DNS suffix you specified). Then the sitename and certificate common name will match. Alternatively, create another site in IIS. Configure it the same as the existing site, except make it answer to https://intranet, and issue a certificate with "intranet" as the common name. Cheers Ken Show quoteHide quote "l3msip" <l3m***@discussions.microsoft.com> wrote in message news:E65A79EA-2F39-4B54-B22C-F7EC2329D9EF@microsoft.com... > Hi, > > I have an intranet site that is set up using ssl 128bit encryption (using > my > own certificate server- windows 2003 server (so thats iis 6.0) > > The name i used set for the 'issued to' part is its fqdn > (intranet.domain.co.uk) when using the FQDN > (https://intranet.domain.co.uk) > it works fine without any errors. > > When using it internally I want people to just type https://intranet. This > works but they receive an error saying the name doesnt match the name on > the > certificate, cliick yes to continue. > > Is there a way round this? I cant think of one ........help!! > > P.s I have another question but will create a new thread for that. Fell > free > to ansa both :) .... and there's another alternative. Add redirect code to the main page, or
to all pages on the web site, such that if the requested web site is http://intranet, have it redirect to https://intranet.domain.co.uk. To do this with server-side ASP / vbscript, I believe this would be something like <% If LCase(Request.ServerVariables("server_name")) = "intranet" Then Response.Redirect "https://intranet.domain.co.uk" & (Request.ServerVariables("http_url")) %> You could also do a client-side redirect with javascript. Show quoteHide quote "Ken Schaefer" <kenREM***@THISadOpenStatic.com> wrote in message news:%23AnqqrYqGHA.5108@TK2MSFTNGP05.phx.gbl... > I'm not 100% sure whether this will work, but IIRC it does. > > Ensure that "intranet" by itself isn't resolvable. Ensure that the > client's TCP/IP DNS settings are configured to automatically append the > "domain.co.uk" suffix. Then, when the user types in "intranet", the > machine will also try "intranet.domain.co.uk" (by automatically appending > the DNS suffix you specified). Then the sitename and certificate common > name will match. > > Alternatively, create another site in IIS. Configure it the same as the > existing site, except make it answer to https://intranet, and issue a > certificate with "intranet" as the common name. > > Cheers > Ken > > > "l3msip" <l3m***@discussions.microsoft.com> wrote in message > news:E65A79EA-2F39-4B54-B22C-F7EC2329D9EF@microsoft.com... >> Hi, >> >> I have an intranet site that is set up using ssl 128bit encryption (using >> my >> own certificate server- windows 2003 server (so thats iis 6.0) >> >> The name i used set for the 'issued to' part is its fqdn >> (intranet.domain.co.uk) when using the FQDN >> (https://intranet.domain.co.uk) >> it works fine without any errors. >> >> When using it internally I want people to just type https://intranet. >> This >> works but they receive an error saying the name doesnt match the name on >> the >> certificate, cliick yes to continue. >> >> Is there a way round this? I cant think of one ........help!! >> >> P.s I have another question but will create a new thread for that. Fell >> free >> to ansa both :) > > 
Other interesting topics
|
|||||||||||||||||||||||
