Re: Web Certificate for IIS Server on SBS Domain
- From: Eriq Neale <eon@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 13 Sep 2005 14:30:21 GMT
On 2005-09-12 17:03:06 -0500, "Bryan L" <blinton.nospam@xxxxxxxxxxxxxxxxxxxxxxxxxxx> said:
I have configured a certificate on my SBS for use with RWW, OWA, OMA, and RPC over HTTP. I've never had any trouble with it.
I'm now setting up a web application on a new IIS server on my domain and I want to secure all connections with a self-issued certificate, since I want to give my users access to it across the internet. Since the certificate and DNS names need to match, I presume I need to set up another cert specifically for use by that server. I've set up 1:1 NAT and a public DNS record for the server. I just have a few questions:
I've never installed Certificate Services on the SBS because I haven't needed to. Will that be necessary in order for the IIS server to request a certificate of the SBS server?
Will installing Certificate Services mess up my existing configuration in any way?
Do I need to install Certificate Services on the SBS, or can it be installed on the IIS server? Would I get the same results either way, and is there a best practice?
Just looking to clearly understand my options, and the logical process of what I need to do.
Thanks in advance!
Bryan
Hey Brian - a couple of other questions for you:
1. Is the Public Name of the new IIS server the same or different from the name used to access RWW, OWA, etc?
2. If they are different (which seems to be the case in your message, but it's not exactly clear, hence question #!) are they both pointing to the same public IP address?
3. Is this new IIS server only on the internal network, or does it have a separate interface that connects to the public internet as well?
To be perfectly honest, I would recommend that you avoid the use of Certificate Services on your internal network and if the second IIS server is as truly separate as it seems like it might be, go ahead and purchase a third-party certificate for that server and keep it independent of the self-signed certificate for the SBS server. Can you install and use Certificate Services to do what you are wanting? Absolutely. Is it going to cost more in time and headache than purchasing a third-party cert for your second website? Absolutely times 10. You have to realize that once you pur Certificate Services in an SBS environment, you don't want to pull it out, and it can in some cases interfere with traditional SBS certificate functions.
Case in point - about two months ago, I set up a purchased certificate for a client. The total cost to the client was about one hour of my standard consulting rate. Only half of that cost went toward the purchase of the certiicate, and the other half represented the half hour of my time that it took me to set it up. If you're only trying to set up a single certificate for a single site, I cannot see the time value of setting up Certificate Services for that single server.
If you were talking about putting together certs for multiple servers and/or multiple users, then you might look into it, but in this scenario, I think it would be more trouble than it's worth...
HTH...
-Eriq -- Eriq Neale - Small Business Specialist, MCSE, Mac Guru EON Consulting - www.eonconsulting.net Author of Microsoft Small Business Server 2003 Unleashed Need additional IT insight? E-mail "support at eonconsulting dot net"
.
- Follow-Ups:
- Re: Web Certificate for IIS Server on SBS Domain
- From: Bryan L
- Re: Web Certificate for IIS Server on SBS Domain
- References:
- Web Certificate for IIS Server on SBS Domain
- From: Bryan L
- Web Certificate for IIS Server on SBS Domain
- Prev by Date: Re: NDR appear when sending mails to branch offices
- Next by Date: Re: Problem with Companyweb
- Previous by thread: Re: Web Certificate for IIS Server on SBS Domain
- Next by thread: Re: Web Certificate for IIS Server on SBS Domain
- Index(es):
Relevant Pages
|
