I see no difference
I have requested a ssl cert using
CN = vpn.(school).(LA).sch.uk
I have just had an email to say they are processing
Domain name = (LA).sch.uk
Server Name = vpn.(school).(LA).sch.uk
Should I be concerned?
I see no difference
Sorry, I have been finding this very confusing as our LA control the firewall / ports and DNS.
So have they got the domain name correct then? LocalAuthority.sch.uk
Yes, localauthority.sch.uk is the domain, the other parts are subdomains. So the details they've given are correct.
school.region.sch.uk is the domain ... vpn.school.region.sch.uk is the Fully Qualified Domain Name.
region.sch.uk is not the domain (though the CA is treating it as such). A domain is the entirety of what is registered via a Domain Registrar. Some vendors have had a tendency to take the cTLD and treat the next zone as the domain, despite very clear instructions.
Yes. Phone them up because some cert and hosting providers really don't grasp how the school.region.sch.uk breaks down.
Our certs (for example) are of the whatever.school.region.sch.uk format (i.e moodle, webmail etc) and it did take a bit of "ok, repeat that back to me to ensure you understand it" and a couple of nominet links before it clicked.
The changes since RFCs 1480 and 1591 were written have been prodded and poked a number of times but perhaps RFC 3071 is an interesting one for folk to read to try to understand how things change, whether through gradual change due to need or simply due to change because that is how things ended up happening.
Thanks for all the info. Just to double check I should contact the CA and get them to use school.region.sch.uk?
but in post 5
So based on the above info I need school.region.sch.uk and not simply region.sch.ukschool.region.sch.uk is the domain ... vpn.school.region.sch.uk is the Fully Qualified Domain Name.
region.sch.uk is not the domain
and in post 6
I seem to be getting conflicting help. No wonder so many people get confused.Yes. Phone them up because some cert and hosting providers really don't grasp how the school.region.sch.uk breaks down.
So who is correct?
Post 4 is correct
Type your full domain name into WHOIS Search, Domain Name, Website, and IP Tools - Who.is for example school.lea.sch.uk. Right at the top you will see it display as lea.sch.uk this is because the school name is a sub domain of .lea.sch.uk.
Odd. When I use your link it comes back with invalid domain name but if I use this WHOIS tool | Nominet is comes back and tells me the domain is school.region.sch.uk and not region.sch.uk.
can I pm you our school info?
school.lea.sch.uk is your domain. lea.sch.uk is invalid.
I have the bi-annual chore of making our CA understand that lea.sch.uk does not exist.This domain cannot be registered because it contravenes the Nominet UK
naming rules. The reason is:
invalid format for a .sch.uk domain name.
Bottom line, yes you should be concerned.
Last edited by j17sparky; 22nd January 2013 at 09:41 PM.
*Do Not Accept .region.sch.uk*
To have a valid certificate you should own / manage / control the domain being used. You do not control .region.sch.uk ... no-one does (except Nominet). Your CA should be validating the ownership of the domain prior to the issuing of the certificate and if you let them proceed it can take flaming ages to get them to realise the mistake they are making. As with @j17sparky ... the voice of bitter experience of having to help out schools over the last 5 years!
There are currently 1 users browsing this thread. (0 members and 1 guests)