Re: Certificate Issuing
- From: Joe <joe@xxxxxxxxxxxxxx>
- Date: Tue, 30 Jan 2007 18:55:15 +0000
John F Kappler wrote:
Another question...
The internet is connected to our server by two ADSL lines (through a
load balancing router), each with its own static ip address.
I'm arranging for two A records to be setup: reca.mydomain.com and
recb.mydomain.com to address each of the ips so that remote users can
choose which line they connect through.
I presume I cannot set up two certificates using CEICW so I'll choose
reca.
If the user installs that cert on their PC, does it matter which
connection they then elect to use?
Not too much. The point of the certificate is so that the browser
warns the user if the certificate FQDN does not match the URL of
the connection, and this would happen here if they connect to the
'other' one. As long as they are happy to check they have a correct
URL and hit 'go ahead anyway' there's not a problem.
This is the underlying reason for using traceable certificates.
There's nothing to stop you asking a self-signed CA for a web server
certificate for 'microsoft.com', but a commercial certification
authority will make at least a token check to see if a customer
actually has the right to the domain name. This work is part of what
you're paying for, and is irrelevant within a single company.
.
- Follow-Ups:
- Re: Certificate Issuing
- From: John F Kappler
- Re: Certificate Issuing
- References:
- Certificate Issuing
- From: John F Kappler
- Re: Certificate Issuing
- From: John F Kappler
- Certificate Issuing
- Prev by Date: Re: auto-started services not running -QUESTION
- Next by Date: Cross-Forest Roaming Profiles
- Previous by thread: Re: Certificate Issuing
- Next by thread: Re: Certificate Issuing
- Index(es):
Relevant Pages
|
