RE: Multiple Public Domains on 1 SBS Certificate

Hi Jenny:

I have read many of your posts on Certificates, therefore I am glad you
have added your thoughts to this problem.

Your points are correct

1) I have one physical server with one Web site that I wish to have a
Certificate that has 5 FQDNs on that ONE Certificate.

2) I want want external users access one web site use any public FQDN of
the five public FQDN?

3) I want to be able to create that ONE certificate with the tools of SBS 2003

I do not quite understand your point

You can contact your ISP to add the five public FQDN records to the one web
site and apply one certificate to it.

At present I control the DNS entries for all 5 FQDNs and they point to the
correct IP for the physical site. Did you mean something else?

Kinid regards
Fred


""Jenny wu [MSFT]"" wrote:

> Hi Fred,
>
> Thanks for using the newsgroup!
>
> For your description, I understand that you want to know if multiple public
> FQDN and multiple certificates can apply to web site and external users can
> access the web site use one FQDN and get the corresponding certificate. If
> I am off base, please don't hesitate to let me know.
>
> Before we go further, could you kindly help me confirm some information to
> isolate the issue?
> 1. How many web sites you have? Do you want to apply all five certificates
> to one web site?
> 2. Do you want external users access one web site use any public FQDN of
> the five public FQDN?
>
> One thing need to clarify that one web site can be only applied one
> certificate, but can be accessed by multiple public FQDN. If you want to
> access one web site use multiple FQDN and get the corresponding
> certificate, you can create some web sites which content is the same with
> the web site and then publish them to internet with different public FQDN.
> And apply the corresponding certificate to the web site. In that way,
> external users can access the web site using different FQDN to get
> different certificate. However it may not be necessary. You can contact
> your ISP to add the five public FQDN records to the one web site and apply
> one certificate to it.
>
> Hope above information helps! If you have any further concern or question
> on the issue please let me know. I am look forward to your update.
>
> Have a nice day!
>
> Sincerely,
>
> Jenny Wu
> Microsoft CSS Online Newsgroup Support
> Get Secure! - www.microsoft.com/security
> ======================================================
> This newsgroup only focuses on SBS technical issues. If you have issues
> regarding other Microsoft products, you'd better post in the corresponding
> newsgroups so that they can be resolved in an efficient and timely manner.
> You can locate the newsgroup here:
> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
> When opening a new thread via the web interface, we recommend you check the
> "Notify me of replies" box to receive e-mail notifications when there are
> any updates in your thread. When responding to posts via your newsreader,
> please "Reply to Group" so that others may learn and benefit from your
> issue.
>
> Microsoft engineers can only focus on one issue per thread. Although we
> provide other information for your reference, we recommend you post
> different incidents in different threads to keep the thread clean. In doing
> so, it will ensure your issues are resolved in a timely manner.
>
> For urgent issues, you may want to contact Microsoft CSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Any input or comments in this thread are highly appreciated.
> ======================================================
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> --------------------
> >Thread-Topic: Multiple Public Domains on 1 SBS Certificate
> >thread-index: AcXpivJjBu3q5FKDS/KsGlMNm2tbqw==
> >X-WBNR-Posting-Host: 64.230.22.11
> >From: "=?Utf-8?B?RnJlZCBBbmRyZW9uZQ==?="
> <FredAndreone@xxxxxxxxxxxxxxxxxxxxxxxxx>
> >Subject: Multiple Public Domains on 1 SBS Certificate
> >Date: Mon, 14 Nov 2005 18:19:03 -0800
> >Lines: 35
> >Message-ID: <A5D472CC-F4F6-49EB-A6F8-9D5F2F7EE100@xxxxxxxxxxxxx>
> >MIME-Version: 1.0
> >Content-Type: text/plain;
> > charset="Utf-8"
> >Content-Transfer-Encoding: 7bit
> >X-Newsreader: Microsoft CDO for Windows 2000
> >Content-Class: urn:content-classes:message
> >Importance: normal
> >Priority: normal
> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
> >Newsgroups: microsoft.public.windows.server.sbs
> >NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
> >Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA03.phx.gbl
> >Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:222259
> >X-Tomcat-NG: microsoft.public.windows.server.sbs
> >
> >The current SBS certificate generated by CEICW contains 1 public DNS name,
> >plus multiple private DNS names.
> >
> >Presently the SBS2k3 Standard SP1 EXSP2 2 nics and RV042 router is
> >responding to 5 Public DNS names succesfully. Mail for the Pulic Dns names
> is
> >handled properly by Exchange.
> >
> >The only problem is that the certificates sent to web clients do not
> confirm
> >that the server DNS name is the same as the DNS name requested.
> >
> >Example the server Certificate is set by CEICW to
> >mycompamy.com
> >
> >All of the following requests indicate a certificate mismatch
> >
> >www.mycompany.com
> >mail.mycompany.com
> >mycompany.ca
> >www.mycompany.ca
> >mycompany.org
> >www.mycompany.org
> >
> >Unfortunately, CEICW does not allow the entry of multiple FQDN's. Editing
> >the VBS file generated by CEICW does not allow additonal names to be added.
> >
> >Creating a certificate with multiple FQDN's requests in Security Tab of
> the
> >web site then importing it into Certfiicate manager does not create the
> right
> >CN's.
> >
> >Can anyone explain how to create a self-registered certificate with
> multiple
> >FQDN's. This should be a fairly normal occurance for small business.
> >
> >Many thanks in advance
> >Fred
> >
> >
>
>
.

Relevant Pages

  • RE: Multiple Public Domains on 1 SBS Certificate
    ... For you want to external users can access your web site using multiple ... these public FQDN records of the DNS server. ... You just need run one time CEICW to create one certificate for the web ...
    (microsoft.public.windows.server.sbs)
  • RE: Multiple Public Domains on 1 SBS Certificate
    ... I understand that you want to know if multiple public ... FQDN and multiple certificates can apply to web site and external users can ... access the web site use one FQDN and get the corresponding certificate. ...
    (microsoft.public.windows.server.sbs)
  • [NT] Flaw in Certificate Enrollment Control Could Allow Deletion of Digital Certificates
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Certificate Enrollment Control, the purpose of which is to allow web-based ...
    (Securiteam)
  • RE: Multiple Public Domains on 1 SBS Certificate
    ... NS and MX records that point to the physical web site. ... > these public FQDN records of the DNS server. ... the certificate has been applied to the web ...
    (microsoft.public.windows.server.sbs)
  • Re: Embedding Simple MFC GUI app into website
    ... The problem with security is that so many people say "it doesn't matter". ... particular technology is "evil" goes beyond common sense and increases ... Since you must obtain a certificate for code signing from the trusted ... use it for a general purpose web site as we have all discussed, ...
    (microsoft.public.vc.mfc)