Internet Related/Filtering/Firewall Thread, Bright ideas on working around CABF restrictions on SSL certificates? in Technical; Phasing out Intranet Names and IP Addresses in SSLs | Go Daddy Help | GoDaddy Support
Anyone have any?
26th November 2013, 02:58 PM #1
Bright ideas on working around CABF restrictions on SSL certificates?
Phasing out Intranet Names and IP Addresses in SSLs | Go Daddy Help | GoDaddy Support
Anyone have any?
Short reason is I need to sign some web hosts internally for access on our devices (no problem), but also phones/tablets/laptops that students/staff bring in that aren't part of our network, but it seems that now I can't use a GoDaddy certificate to do this so I'm stuck with a (currently) useless certificate.
Obviously I *could* change everything to use our school domain name internally as well, but that seems... unnecessarily complicated and annoying.
26th November 2013, 04:00 PM #2
TBH it is going down the need to use the FQDN for everything, the idea being that access can be seemless whether internal or external (not having to remember different addresses for things like OWA etc).
The main big thing that I have had to start getting my clients to do is configure Exchange to use an external FQDN i.e mail.fulldomain.com rather than server.domain.local.
This also actually helps when starting to bring in things like load balances are systems expand/higher availability is require.
26th November 2013, 11:43 PM #3
For Exchange use split DNS.
27th November 2013, 08:01 AM #4
It's not for Exchange. Exchange is fine for another year or two... and then hopefully going up into O365.
This would be for smoothwall and a pair of internal only web servers. So all 3 are obviously currently on our .local domain. I did try adding our FQDN to DNS and then adding a new host record that points to the boxes locally, but it doesn't seem to have changed anything.
Last edited by DrPerceptron; 27th November 2013 at 08:02 AM.
27th November 2013, 08:07 AM #5
Unless you want to migrate to using a real FQDN internally, the only other option is split DNS.
We use split DNS for our VLE/website here, works fine.
By laserblazer in forum Jokes/Interweb Things
Last Post: 18th March 2011, 05:03 PM
By Kyle in forum MIS Systems
Last Post: 3rd November 2010, 08:14 AM
By naysweb in forum Windows Server 2008 R2
Last Post: 18th August 2010, 02:47 PM
By Ben_Stanton in forum How do you do....it?
Last Post: 2nd April 2009, 02:58 PM
By Lesley_tech in forum *nix
Last Post: 5th March 2009, 10:09 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)