+ Post New Thread
Results 1 to 5 of 5
Internet Related/Filtering/Firewall Thread, Bright ideas on working around CABF restrictions on SSL certificates? in Technical; Phasing out Intranet Names and IP Addresses in SSLs | Go Daddy Help | GoDaddy Support Anyone have any? Short ...
  1. #1
    DrPerceptron's Avatar
    Join Date
    Dec 2008
    Location
    In a house
    Posts
    922
    Thank Post
    34
    Thanked 134 Times in 114 Posts
    Rep Power
    41

    Bright ideas on working around CABF restrictions on SSL certificates?

    Phasing out Intranet Names and IP Addresses in SSLs | Go Daddy Help | GoDaddy Support

    Anyone have any?

    Short reason is I need to sign some web hosts internally for access on our devices (no problem), but also phones/tablets/laptops that students/staff bring in that aren't part of our network, but it seems that now I can't use a GoDaddy certificate to do this so I'm stuck with a (currently) useless certificate.

    Obviously I *could* change everything to use our school domain name internally as well, but that seems... unnecessarily complicated and annoying.

  2. #2

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,808
    Thank Post
    272
    Thanked 1,135 Times in 1,031 Posts
    Rep Power
    349
    TBH it is going down the need to use the FQDN for everything, the idea being that access can be seemless whether internal or external (not having to remember different addresses for things like OWA etc).

    The main big thing that I have had to start getting my clients to do is configure Exchange to use an external FQDN i.e mail.fulldomain.com rather than server.domain.local.

    This also actually helps when starting to bring in things like load balances are systems expand/higher availability is require.

  3. #3

    Join Date
    Dec 2008
    Location
    Essex
    Posts
    2,144
    Thank Post
    1
    Thanked 326 Times in 316 Posts
    Rep Power
    77
    For Exchange use split DNS.

  4. #4
    DrPerceptron's Avatar
    Join Date
    Dec 2008
    Location
    In a house
    Posts
    922
    Thank Post
    34
    Thanked 134 Times in 114 Posts
    Rep Power
    41
    It's not for Exchange. Exchange is fine for another year or two... and then hopefully going up into O365.

    This would be for smoothwall and a pair of internal only web servers. So all 3 are obviously currently on our .local domain. I did try adding our FQDN to DNS and then adding a new host record that points to the boxes locally, but it doesn't seem to have changed anything.
    Last edited by DrPerceptron; 27th November 2013 at 08:02 AM.

  5. #5

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,684
    Thank Post
    516
    Thanked 2,453 Times in 1,899 Posts
    Blog Entries
    24
    Rep Power
    833
    Unless you want to migrate to using a real FQDN internally, the only other option is split DNS.

    We use split DNS for our VLE/website here, works fine.

SHARE:
+ Post New Thread

Similar Threads

  1. [Video] Someone filmed my trip to work and put it on youtube!
    By laserblazer in forum Jokes/Interweb Things
    Replies: 0
    Last Post: 18th March 2011, 05:03 PM
  2. Advice needed on working on Sims Databases
    By Kyle in forum MIS Systems
    Replies: 10
    Last Post: 3rd November 2010, 08:14 AM
  3. Laptop on Work-group Connecting to Server 2008 R2 Domain.
    By naysweb in forum Windows Server 2008 R2
    Replies: 2
    Last Post: 18th August 2010, 02:47 PM
  4. College student on work experience - access to school DB? Yay or nay?
    By Ben_Stanton in forum How do you do....it?
    Replies: 8
    Last Post: 2nd April 2009, 02:58 PM
  5. Website Restrictions on Linux
    By Lesley_tech in forum *nix
    Replies: 1
    Last Post: 5th March 2009, 10:09 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •