Re: Need help with unique CAS SSL issue

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Luco <Luco@xxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 15 Sep 2008 11:12:01 -0700

Yup, they just didnt think they needed to own that name. I was told that the
CAS server creates SCP points that use the FQDN and it was best practices to
use these names. As you can see Im in a it of a bind here. Im also working
with a MSF consultant who is telling me I need these names and recomended the
PKI. Unfortunatley he/she is not giving me a straight answer on this.

"Michael Dragone" wrote:

You're saying they used foobar.com for the AD domain name but never
registered it? And someone else owns it? That's...odd.

You technically don't have to include the internal names; you can include as
many or as few names as you like up to the specifications of the CA you're
using.

"Luco" <Luco@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:95976AFA-ADA9-45E2-BA48-A779688B3F29@xxxxxxxxxxxxxxxx

I attempted to obtain a SAN Cert for my CAS's with Verisign. I was using
my
external name space for webmail and autodiscover. I was also registering
my
internal name space for the servers FQDN and short name. I was denied the
cert because the company Im working with used a name space for their
internal
active directory that they did not own. They used a valid name space for
the
internal AD.I have never come accross this in all my years. So my question
is
do I really need to have the internal name space on the CAS certs?

Otherwise it sounds like Im going to have to try and buy our domain name
back or setup an internal PKI to get around this.

Any help is greatly appreciated.

Follow-Ups:
- Re: Need help with unique CAS SSL issue
  - From: Michael Dragone

References:
- Need help with unique CAS SSL issue
  - From: Luco
- Re: Need help with unique CAS SSL issue
  - From: Michael Dragone

Prev by Date: Re: Need help with unique CAS SSL issue
Next by Date: SMTP Forwarding Connector: powershell cmd errors
Previous by thread: Re: Need help with unique CAS SSL issue
Next by thread: Re: Need help with unique CAS SSL issue
Index(es):
- Date
- Thread

Relevant Pages

Re: Outlook 2007 Certificate Error
... These steps assume that a host record exists in the DNS to map the FQDN that you specify to the IP address of the CAS server. ...
(microsoft.public.windows.server.sbs)
Re: PTR-Records without FQDN
... we have in our reverse zone some ptr-records without fqdn. ... That depends on the registering machine. ... Microsoft Certified Trainer ...
(microsoft.public.windows.server.dns)