+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 23
Internet Related/Filtering/Firewall Thread, Certificate request has been altered by CA company to localauthority.sch.uk in Technical; Hi, I have requested a ssl cert using CN = vpn.(school).(LA).sch.uk I have just had an email to say they ...
  1. #1

    Join Date
    Apr 2010
    Posts
    2,160
    Thank Post
    109
    Thanked 190 Times in 157 Posts
    Rep Power
    84

    Certificate request has been altered by CA company to localauthority.sch.uk

    Hi,

    I have requested a ssl cert using
    CN = vpn.(school).(LA).sch.uk

    I have just had an email to say they are processing

    Domain name = (LA).sch.uk
    Server Name = vpn.(school).(LA).sch.uk

    Should I be concerned?

  2. #2

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    Boston, MA
    Posts
    7,597
    Thank Post
    109
    Thanked 770 Times in 598 Posts
    Rep Power
    183
    I see no difference

  3. #3

    Join Date
    Apr 2010
    Posts
    2,160
    Thank Post
    109
    Thanked 190 Times in 157 Posts
    Rep Power
    84
    Sorry, I have been finding this very confusing as our LA control the firewall / ports and DNS.

    So have they got the domain name correct then? LocalAuthority.sch.uk

  4. #4

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    18,369
    Thank Post
    525
    Thanked 2,611 Times in 2,019 Posts
    Blog Entries
    24
    Rep Power
    890
    Yes, localauthority.sch.uk is the domain, the other parts are subdomains. So the details they've given are correct.

  5. #5

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    10,038
    Thank Post
    1,373
    Thanked 1,859 Times in 1,153 Posts
    Blog Entries
    19
    Rep Power
    609
    school.region.sch.uk is the domain ... vpn.school.region.sch.uk is the Fully Qualified Domain Name.

    region.sch.uk is not the domain (though the CA is treating it as such). A domain is the entirety of what is registered via a Domain Registrar. Some vendors have had a tendency to take the cTLD and treat the next zone as the domain, despite very clear instructions.

  6. #6


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,704
    Thank Post
    285
    Thanked 788 Times in 615 Posts
    Rep Power
    226
    Yes. Phone them up because some cert and hosting providers really don't grasp how the school.region.sch.uk breaks down.

    Our certs (for example) are of the whatever.school.region.sch.uk format (i.e moodle, webmail etc) and it did take a bit of "ok, repeat that back to me to ensure you understand it" and a couple of nominet links before it clicked.

  7. #7

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    18,369
    Thank Post
    525
    Thanked 2,611 Times in 2,019 Posts
    Blog Entries
    24
    Rep Power
    890
    Quote Originally Posted by GrumbleDook View Post
    school.region.sch.uk is the domain ... vpn.school.region.sch.uk is the Fully Qualified Domain Name.

    region.sch.uk is not the domain (though the CA is treating it as such). A domain is the entirety of what is registered via a Domain Registrar. Some vendors have had a tendency to take the cTLD and treat the next zone as the domain, despite very clear instructions.
    That's not how the standard was defined, that's why... The standard was supposed to be .com was a tld, a .co.uk was a cctld and then anything else was a domain on one of those. That was according to RFC 1480 and RFC 1591. So, its understandable that registrars don't understand it really!

  8. #8

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    10,038
    Thank Post
    1,373
    Thanked 1,859 Times in 1,153 Posts
    Blog Entries
    19
    Rep Power
    609
    Quote Originally Posted by localzuk View Post
    That's not how the standard was defined, that's why... The standard was supposed to be .com was a tld, a .co.uk was a cctld and then anything else was a domain on one of those. That was according to RFC 1480 and RFC 1591. So, its understandable that registrars don't understand it really!
    To clarify ... *everything* is a domain. TLD means Top Level Domain and it is controlled / managed by given organisations. .uk TLDs (.sch.uk, .me.uk, .org.uk) are dealt with by Nominet (some are delegated such as .police.uk and .gov.uk) and are not a true ccTLD (one of the reasons why I've always been told to refer to it as a cTLD instead) as they are an exception to ISO 3166. The next zone to the left of the TLD is the Second Level Domain. For .sch.uk this is a hierarchical zone to regionalise domains and so they are not used to register a domain (I believe that there are a few historic examples due to previous conversations with nominet but never been told what they are). The Third Level Domain is that which is registered via a Registrar and is considered as the 'domain'.

    The changes since RFCs 1480 and 1591 were written have been prodded and poked a number of times but perhaps RFC 3071 is an interesting one for folk to read to try to understand how things change, whether through gradual change due to need or simply due to change because that is how things ended up happening.

  9. #9

    Join Date
    Apr 2010
    Posts
    2,160
    Thank Post
    109
    Thanked 190 Times in 157 Posts
    Rep Power
    84
    Thanks for all the info. Just to double check I should contact the CA and get them to use school.region.sch.uk?

  10. #10

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,320
    Thank Post
    902
    Thanked 1,800 Times in 1,550 Posts
    Blog Entries
    12
    Rep Power
    466
    Quote Originally Posted by edutech4schools View Post
    Thanks for all the info. Just to double check I should contact the CA and get them to use school.region.sch.uk?
    Its fine. As per post 4.

  11. #11

    Join Date
    Apr 2010
    Posts
    2,160
    Thank Post
    109
    Thanked 190 Times in 157 Posts
    Rep Power
    84
    but in post 5

    school.region.sch.uk is the domain ... vpn.school.region.sch.uk is the Fully Qualified Domain Name.
    region.sch.uk is not the domain
    So based on the above info I need school.region.sch.uk and not simply region.sch.uk

    and in post 6
    Yes. Phone them up because some cert and hosting providers really don't grasp how the school.region.sch.uk breaks down.
    I seem to be getting conflicting help. No wonder so many people get confused.

    So who is correct?

  12. #12

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,320
    Thank Post
    902
    Thanked 1,800 Times in 1,550 Posts
    Blog Entries
    12
    Rep Power
    466
    Post 4 is correct

    Type your full domain name into WHOIS Search, Domain Name, Website, and IP Tools - Who.is for example school.lea.sch.uk. Right at the top you will see it display as lea.sch.uk this is because the school name is a sub domain of .lea.sch.uk.

  13. #13

    Join Date
    Apr 2010
    Posts
    2,160
    Thank Post
    109
    Thanked 190 Times in 157 Posts
    Rep Power
    84
    Odd. When I use your link it comes back with invalid domain name but if I use this WHOIS tool | Nominet is comes back and tells me the domain is school.region.sch.uk and not region.sch.uk.

    can I pm you our school info?

  14. #14


    Join Date
    Oct 2006
    Posts
    3,414
    Thank Post
    184
    Thanked 356 Times in 285 Posts
    Rep Power
    149
    school.lea.sch.uk is your domain. lea.sch.uk is invalid.

    This domain cannot be registered because it contravenes the Nominet UK
    naming rules. The reason is:
    invalid format for a .sch.uk domain name.
    I have the bi-annual chore of making our CA understand that lea.sch.uk does not exist.

    Bottom line, yes you should be concerned.


    Quote Originally Posted by FN-GM View Post
    Post 4 is correct

    Type your full domain name into WHOIS Search, Domain Name, Website, and IP Tools - Who.is for example school.lea.sch.uk. Right at the top you will see it display as lea.sch.uk this is because the school name is a sub domain of .lea.sch.uk.
    Maybe your LEA/RBC has contacted nominet and done things differently, it certainly isn't that way for us and by nominets help pages lea.sch.uk is an invalid format.
    Last edited by j17sparky; 22nd January 2013 at 09:41 PM.

  15. #15

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    10,038
    Thank Post
    1,373
    Thanked 1,859 Times in 1,153 Posts
    Blog Entries
    19
    Rep Power
    609
    *Do Not Accept .region.sch.uk*

    To have a valid certificate you should own / manage / control the domain being used. You do not control .region.sch.uk ... no-one does (except Nominet). Your CA should be validating the ownership of the domain prior to the issuing of the certificate and if you let them proceed it can take flaming ages to get them to realise the mistake they are making. As with @j17sparky ... the voice of bitter experience of having to help out schools over the last 5 years!



SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Replies: 4
    Last Post: 30th April 2011, 11:59 PM
  2. Replies: 10
    Last Post: 23rd February 2011, 04:43 PM
  3. Bad company 2 has been delivered !!
    By Galway in forum General Chat
    Replies: 11
    Last Post: 9th March 2010, 04:14 PM
  4. NetBT - A duplicate name has been detected
    By sidewinder in forum Windows
    Replies: 2
    Last Post: 20th February 2007, 10:32 AM
  5. Replies: 20
    Last Post: 7th April 2006, 09:36 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •