|
Posted by Robertss on April 27, 2008, 1:09 pm
If you were Registered and logged in, you could reply and use other advanced thread options
2007 Management Shell. (http://www.digicert.com/csr-creation-microsoft-
unified-communications.htm) This is because SANs weren't commonly used
before Exchange 2007 started using them. If you have Exchange 2007,
you can generate the cert and after installing it, assign it to be
used by an IIS website.
However, most CAs allow you to generate a normal CSR in IIS and then
add the additional SAN names during the ordering process. If you are
looking for a commerical certificate, you can compare SAN/UC
certificates here: http://www.sslshopper.com/unified-communications-uc-ssl-c=
ertificates.html
Robert
> The SAN seems like the way to go from reading up on a description of it.
>
> Thanks very much for the information! =A0Now to research the implementatio=
n
> part!
>
> Have a great day and thanks again!
>
>
>
> "Dobromir Todorov" wrote:
> > Rather than allowing everything in a domain (which you can't don) you ar=
e
> > better off enumerating all the FQDNs that you want users to be able to
> > access, and then including them in the certificate Subject Alternative N=
ame
> > field (or even as multiple CNs in the Subject field).
>
> > --
> > ---
> > HTH,
> > Dobromir
>
> > Learn more about Security and Identity Management:
> > Visithttp://www.iamechanics.com
>
> > >I have a web site on an internal iis 6.0 server. Some users use the hos=
t
> > > header name of the website with the domain attached and some connect
> > > without:
>
> > > for example:
>
> > > https:\internal vs https:\internal.company.com
>
> > > I have anSSLcertificate that has the host header name and those that
> > > connect without the domain connect straight through, no errors. If the=
y
> > > use
> > > the https:\internal.company.com however they get a certificate error =
as
> > > the
> > > name is different then the certifcate. I can change the certificate to=
> > > include the domain but then the host header name by itself gives the
> > > error.
>
> > > is there a way to allow both to work without a certificate error?
>
> > > I tried a spin on the wildcard certificate creating a request with
> > > "internal.*" but that was no go as well. Do you need to "turn anything=
on"
> > > to
> > > get IIS 6.0 to accept the "*" maybe?
>
> > > Certificates authorized through an internal 2003 CA
>
> > > thanks- Hide quoted text -
>
> - Show quoted text -
| 
XML site map