RE: https and certs issues

Mon, 16 Nov 2009 10:02:26 -0800 

If you wait until an nslookup command is successful then you should be
good to go from a name resolution standpoint.  Since it's IE you might
want to close the browser and start over again after you can do an
nslookup.  I've seen weird cases where IE seems to cache a negative
response.

 

From: David W. McSpadden [mailto:[email protected]] 
Sent: Monday, November 16, 2009 12:58 PM
To: NT System Admin Issues
Subject: Re: https and certs issues

 

I think I tried that but it failed.

Maybe I didn't wait long enough.

I will read these two articles I just printed.  Then I will walk through
my thoughts on my internal AD sites.

 

From: Richard Stovall <mailto:[email protected]>  

Sent: Monday, November 16, 2009 12:48 PM

To: NT System Admin Issues
<mailto:[email protected]>  

Subject: RE: https and certs issues

 

Once you create the zone on your internal DNS servers you then need to
create either an A record pointing to the internal ip the site is
listening on or a CNAME record pointing to the server's internal FQDN.
Split DNS.

 

From: David W. McSpadden [mailto:[email protected]] 
Sent: Monday, November 16, 2009 12:41 PM
To: NT System Admin Issues
Subject: https and certs issues

 

I don't think I have any issue but I am having a hard time explaining
myself to my board.

 

Here is what I have:

An internal web server nat through my firewall.

An ssl cert to the address of the nat on the firewall.

A DNS record to the nat on the firewall.

 

When accessing the site internally I use the local ip address and get
the "security certificate presented by this website was issued for a
different website's address" which I understand should

be there because I am not going to the DNS record for the cert.  

When accessing the site externally I use the DNS record and get directly
to the login page as expected.

 

I want to walk through this with my board but I am instructed it has to
be exactly how they will see it in the real world not no local ip's and
no cert errors.....

When I try to access it using the DNS record IE gets stuck.

I can add the host address to my hosts file and everything looks great.

When I add an new zone or a ptr record IE gets stuck.

 

Any ideas how to help me, other than the hosts file?

 

 

 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Reply via email to