« Previous Next »

• 10-05-2008, 1:17 PM

  ssherbin Joined on 10-05-2008, 5:02 PM Posts 2

  IIS6 Integrated AD Authentication & SSL Reply Contact I have to deploy a web-based application that will use SSL and AD integrated authentication on an internal IIS6 web server.  The web server is a member of our w2k3, internal private domain.  I can't use a public CA like Verisign or Thawte to secure our internal, private domain.   The application vendor tells me that in order to use pass-through AD authentication for their application, the web site must have the same domain name as our internal private domain. I'd rather not build and support an internal CA.   We do have a registered external domain that I would rather use for the web site's SSL cert, but I don't know how i can use our external domain name for the site and enable ad integrated authentication to my internal site based on what the vendor is telling me. Does anyone know how I could set up the site with my external domain name for the SSL cert and still use pass through AD authentication? Thanks for any ideas. Serge

  Tags: authenticationIis 6.0 SSL Issuesdomain authentication

• 10-06-2008, 8:20 AM

  In reply to

  tomkmvp Joined on 03-20-2003, 6:27 AM Central NJ Posts 6,189

  Re: IIS6 Integrated AD Authentication & SSL Reply Contact I'm not sure that IIS cares about the FQDN assigned to the site versus the Windows domain used for authentication - the issue sounds like it may be more of how the application behaves.  You could certainly test this out though. If you really need an internal/private SSL cert (and it will only be used by internal clients) why not just generate it with SelfSSL from the IIS Resource Kit?  It won't be from a "real" CA - but who cares?  It's an internal app and it will still encrypt all of the traffic. Tom Kaminski IIS MVP http://mvp.support.microsoft.com/ http://blogs.iis.net/tomkmvp/ http://www.linkedin.com/pub/8/690/408 http://www.bluesrepublic.org/

• 10-06-2008, 10:13 AM

  In reply to

  ssherbin Joined on 10-05-2008, 5:02 PM Posts 2	Re: IIS6 Integrated AD Authentication & SSL Reply Contact Tomkmvp, Thanks for your response.  The SelfSSL would work, but is there a way to avoid the security popup message warning about the site's cert validity?  Thanks, Serge

• 10-06-2008, 11:04 AM

  In reply to

  tomkmvp Joined on 03-20-2003, 6:27 AM Central NJ Posts 6,189	Re: IIS6 Integrated AD Authentication & SSL Reply Contact Not from the server - the client would have to do that. Tom Kaminski IIS MVP http://mvp.support.microsoft.com/ http://blogs.iis.net/tomkmvp/ http://www.linkedin.com/pub/8/690/408 http://www.bluesrepublic.org/