Sarah_Seftel1
10 years ago

SSL certificate issue

Hi,

This is the first time that I have been asked to install EV and set it up as HTTPS and not HTTP.

From what I read, it looks quite easy, however, I'm facing the following issue:

The EV server is installed in the NET domain (server FQDN is ARCHIVE.DOMAIN.NET).

The customer supplied a signed generic certificate, but in the details of the certificate the domain is DOMAIN.CO.IL.

This is the only certificate he has, and they are not able to create an ARCHIVE.DOMAIN.NET certificate as they do not have the ability to sign it.

He wants to use the DOMAIN.CO.IL, but I don't see a way of using a certificate with CO.IL and not a NET one, as the EV will not work like that.

Am I missing something? He claims that all his servers are under DOMAIN.NET and they work fine with the DOMAIN.CO.IL certificate and he is certain that there can be a workaround for this issue.

Please advise.

Sarah

5 Replies

  • I believe what you'd need is a SAN cert, which has multiple names or aliases in the same cert.

  • Hi Andrew,

    Thanks for your answer.

    So, just to make sure, as long as the current certificate contains domain co.il only, and the EV server is at domain.net, I cannot bypass it by tricking DNS, as this is a straight connection between client and server, and the domain.net must be present in the certificate.

    Thanks,

    Sarah

  • Just to clarify, is .co.il your external name and .net your internal domain? I think the answer to your cert question about a DNS redirect is that it will take an internal client to your server, but then you'd get a cert error because the hostname doesn't match the name on the cert.

    External access is different because there's typically a proxy in place which can handle the external/internal redirect for you, but I would still think that you'd have an internal cert with the .net server name installed in there.

  • Thanks!

    So the customer will need a new cert for EV with the domain.net, else the cert error will appear.

    Thanks a lot!

    Sarah

  • We used this:

    http://www.symantec.com/business/support/index?page=content&id=TECH179428

    and changed the EV alias to match the cert domain.

    So stubs are now created under the right domain and the customer does not need to create a different certificate.
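
The name check discussed in this thread, as an added example that is not part of any post above: a simplified RFC 6125-style match of the hostname a client connects to against the certificate's DNS names. The SAN lists and the alias `archive.domain.co.il` are constructed assumptions, with the customer's "generic" certificate read as a wildcard.

```python
# Added example: how a TLS client decides whether a certificate covers the
# name it connected to (RFC 6125-style dNSName matching, simplified).
# Simplification: no public-suffix check, so "*.co.il" is not rejected here.

def dns_name_matches(pattern, hostname):
    """True if one certificate dNSName (pattern) covers hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        # Wildcard is only honoured as the whole left-most label, and needs
        # at least two fixed labels to its right ("*.net" is refused).
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_covers(san_dns_names, hostname):
    """Return the SAN entries that match hostname (empty list = mismatch)."""
    return [n for n in san_dns_names if dns_name_matches(n, hostname)]


def report(san_dns_names, hostnames):
    """Map each hostname a client might use to the entries that cover it."""
    return {h: cert_covers(san_dns_names, h) for h in hostnames}


# Constructed SAN lists (assumptions, not read from the customer's real cert).
CUSTOMER_CERT = ["*.domain.co.il", "domain.co.il"]  # "generic" read as wildcard
SAN_CERT = ["archive.domain.co.il", "archive.domain.net"]  # multi-name cert

if __name__ == "__main__":
    # Server FQDN from the thread, plus a hypothetical alias in the cert domain.
    names = ["ARCHIVE.DOMAIN.NET", "archive.domain.co.il"]
    for label, cert in (("customer cert", CUSTOMER_CERT), ("SAN cert", SAN_CERT)):
        for host, hits in report(cert, names).items():
            verdict = "OK via " + hits[0] if hits else "NAME MISMATCH"
            print(f"{label:13} {host:22} {verdict}")
```

Pointing DNS at the server does not change the result for ARCHIVE.DOMAIN.NET; only a name the certificate lists (the alias, or a SAN entry for the .net name) passes the check.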