|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Certificate QuestionI'm about to migrate a Verisign certificate from our existing Ex2k OWA
server to a new Ex2k3 OWA server. My question is this: Does the server name need to stay the same for the cert to be valid? Verisign says: "VeriSign Server IDs can only be used on Web servers using the Common Name specified during enrollment. For example, a Server ID for the domain "domain.com" will receive a warning if accessing a site named "secure.domain.com" are different from "domain.com". It doesn't look like there's anyway around this, but i'm new to the SSL game and i might be missing something. Do i need a new cert from Verisign? Any help is appreciated. jim Jim,
You Verisign Certificate will function with the new server but users will receive a message stating that "The name on the security Certificate is invalid or does not match the name of the site" Its up to you i guess whether this is important. Personally I would recommend you get a new certificate or keep the same name. hth Show quoteHide quote "jim" <jim@NOSPAM.com> wrote in message news:uDuUwFvhFHA.3608@TK2MSFTNGP12.phx.gbl... > I'm about to migrate a Verisign certificate from our existing Ex2k OWA > server to a new Ex2k3 OWA server. My question is this: Does the server > name need to stay the same for the cert to be valid? Verisign says: > > "VeriSign Server IDs can only be used on Web servers using the Common Name > specified during enrollment. For example, a Server ID for the domain > "domain.com" will receive a warning if accessing a site named > "www.domain.com" or "secure.domain.com", because "www.domain.com" and > "secure.domain.com" are different from "domain.com". > > It doesn't look like there's anyway around this, but i'm new to the SSL > game and i might be missing something. Do i need a new cert from > Verisign? > > Any help is appreciated. > > jim > Yes, you will need to revoke the current certificate and request a new one
for the new server's name. The only way around that is to rename the new server with the old server's name. Show quoteHide quote "jim" wrote: > I'm about to migrate a Verisign certificate from our existing Ex2k OWA > server to a new Ex2k3 OWA server. My question is this: Does the server name > need to stay the same for the cert to be valid? Verisign says: > > "VeriSign Server IDs can only be used on Web servers using the Common Name > specified during enrollment. For example, a Server ID for the domain > "domain.com" will receive a warning if accessing a site named > "www.domain.com" or "secure.domain.com", because "www.domain.com" and > "secure.domain.com" are different from "domain.com". > > It doesn't look like there's anyway around this, but i'm new to the SSL game > and i might be missing something. Do i need a new cert from Verisign? > > Any help is appreciated. > > jim > > > If your cert is for the web site name, not the server name, you can export
the certificate and import it on the other server and your web site visitors will get no warnings. You could use the cert on the new server if you still use the old URL but it points to the new server via a CNAME record, for example. By the way, if you're just publishing OWA for your own users using SSL, and you're not using the cert to prove your web site's own identity to strangers, then there's no reason you can't have your own CA and issue your own certs. All you'll have to do is have your own users add your CA as a trusted root. -- Show quoteHide quoteEd Crowley Celebrating a decade of Exchange peer support "jim" <jim@NOSPAM.com> wrote in message news:uDuUwFvhFHA.3608@TK2MSFTNGP12.phx.gbl... > I'm about to migrate a Verisign certificate from our existing Ex2k OWA > server to a new Ex2k3 OWA server. My question is this: Does the server > name need to stay the same for the cert to be valid? Verisign says: > > "VeriSign Server IDs can only be used on Web servers using the Common Name > specified during enrollment. For example, a Server ID for the domain > "domain.com" will receive a warning if accessing a site named > "www.domain.com" or "secure.domain.com", because "www.domain.com" and > "secure.domain.com" are different from "domain.com". > > It doesn't look like there's anyway around this, but i'm new to the SSL > game and i might be missing something. Do i need a new cert from > Verisign? > > Any help is appreciated. > > jim > 
Other interesting topics
Redirecting http:// to https:/
How to disable SSL Security Alert in IE IIS Crashes at regular interval of time - Urgent Web Applicaiton using Trusted Connections to SQL on different machine? Problem with IIS, Powerpoint and AVI-File IIS Lockdown Tool HTW file security risk Securing IIS 6 Exchange 2003 OWA and IIS over SSL IWA Authentication Returns HTTP Error500 |
|||||||||||||||||||||||
