> -----Original Message-----
> From: [EMAIL PROTECTED]
>
> To verify properly, the certificate must match the fqdn that appears in the
> address bar of the user's browser. You can achieve this by either having the
> user type it, or linking/redirecting to that URL from another page. Create your
> CSR for the fqdn that you want your users to type and/or the URL you plan to
> link to. The browser doesn't perform any RDNS lookups to verify the cert, which
> means that all you need to configure is DNS sufficient to get Joe Internet User
> 1) to the server 2) with the correct URL.
>
> Hope that helps more than harms ... :)
>
> Dan Hitchcock
> Network Engineer
>
Dan - thanks for your response.
So the answer would seem to be that since FW-1 is doing an http redirect,
the server's certificate should have the same URL as the content of the
refresh - which is to say:
Logical server: fred.pffcu.org
server 1: wilma.pffcu.org cert=wilma.pffcu.org
server 2: bambam.pffcu.org cert=bambam.pffcu.org
As opposed to each server having a cert that is for fred.pffcu.org
--
Bill
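
Added example, not part of either message above: a small check of the point discussed in this thread, that the name in each server's certificate has to match the host in the URL the browser lands on after the redirect. The matching rule (exact name, or a single left-most wildcard label), the https landing URLs and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

def name_matches(cert_name, host):
    """Exact match, or one left-most '*' label (assumed browser-style rule)."""
    c = cert_name.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(c) != len(h):
        return False              # a wildcard never spans more than one label
    if c[0] == "*" and len(c) > 2:
        return c[1:] == h[1:]
    return c == h

def check_landing_urls(urls, certs):
    """Compare the host of each https URL the browser ends up on with the
    names in the certificate that host serves.
    certs maps serving host -> list of names in its certificate.
    Returns a list of (url, matches) tuples."""
    results = []
    for url in urls:
        parts = urlsplit(url)
        if parts.scheme != "https":
            continue              # no certificate is checked on plain http hops
        host = parts.hostname
        ok = any(name_matches(n, host) for n in certs.get(host, []))
        results.append((url, ok))
    return results

# Constructed data based on the host names in the thread.
# URLs the redirect sends the browser to (the https scheme is an assumption):
LANDING = ["https://wilma.pffcu.org/", "https://bambam.pffcu.org/"]

# Layout 1: each server holds a certificate for its own name.
PER_SERVER = {"wilma.pffcu.org": ["wilma.pffcu.org"],
              "bambam.pffcu.org": ["bambam.pffcu.org"]}

# Layout 2: each server holds a certificate for the logical name.
LOGICAL_NAME = {"wilma.pffcu.org": ["fred.pffcu.org"],
                "bambam.pffcu.org": ["fred.pffcu.org"]}

if __name__ == "__main__":
    for label, certs in (("per-server", PER_SERVER), ("logical", LOGICAL_NAME)):
        for url, ok in check_landing_urls(LANDING, certs):
            print(f"{label:10} {url:28} {'match' if ok else 'MISMATCH'}")
```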