Using article http://www.amset.info/netadmin/split-dns.asp and create a Primary zone unintegrated with AD. I flushed my DNS and resolved internally. I had the right idea but I wasn't making the complete connection.
From: Andrew S. Baker Sent: Monday, November 16, 2009 12:52 PM To: NT System Admin Issues Subject: Re: https and certs issues Like Don said, you'll need to setup split-DNS. Get yourself another DNS record that points to the internal IP, and when you are inside the network it will use the same name but different IP and you should see no cert error. Outside, you will see the same name, with the outside IP, and no cert error. Now, you just have to manage the DNS properly. ASB (My XeeSM Profile) Providing Competitive Advantage through Effective IT Leadership On Mon, Nov 16, 2009 at 12:41 PM, David W. McSpadden <[email protected]> wrote: I don't think I have any issue but I am having a hard time explaining myself to my board. Here is what I have: An internal web server nat through my firewall. An ssl cert to the address of the nat on the firewall. A DNS record to the nat on the firewall. When accessing the site internally I use the local ip address and get the "security certificate presented by this website was issued for a different website's address" which I understand should be there because I am not going to the DNS record for the cert. When accessing the site externally I use the DNS record and get directly to the login page as expected. I want to walk through this with my board but I am instructed it has to be exactly how they will see it in the real world not no local ip's and no cert errors..... When I try to access it using the DNS record IE gets stuck. I can add the host address to my hosts file and everything looks great. When I add an new zone or a ptr record IE gets stuck. Any ideas how to help me, other than the hosts file? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
