IIS 5 & IIS 6
SSL certificate issue, accessing internally and externally
Last post Oct 10, 2007 12:32 AM by qbernard
Oct 08, 2007 10:50 PM|kemporama|LINK
Oct 08, 2007 11:42 PM|qbernard|LINK
Set a side the WSUS coz I never play with it. Now One site only associate with One cert, so unless the internal and external are using the same FQDN which map to the cert common name, you will get name not match warning at one site. And if this is selfsign
cert, the CA's root cert need to be install at all clients, else you got cert not trusted, etc error.
And typically, in this requirement. we setup 2 sites for internal and external, both point to the same web files, etc. In the case of WSUS, you might want to check with WSUS forum.
Oct 10, 2007 12:29 AM|kemporama|LINK
Thanks for the suggestion. I created a duplicate site of WSUS in IIS and set it to use different ports. I created a new cert with the FQDN of the server, setup DNS and firewall to accept it, etc. I installed the new cert onto the remote server also.
I'm still getting the same errors/warnings I listed above however.
For testing purposes we can take WSUS out of the picture since it's giving cert warnings when I try to access a straight webpage. Should I be able to create a self signed cert on my internal network for the FQDN of the server from the outside, and not get
these cert warnings?
Oct 10, 2007 12:32 AM|qbernard|LINK
For WSUS, I believe is cert trust issue, etc. You can google for more info.
For the cert prompt warning, internally you can use self signed cert and get internal client to trust the CA issuing the cert. For external user, it is recommended to get a commercial cert that trusted by default in the browsers.