SSL warning message for Intranet site

Hi,

I have an intranet site that is set up using ssl 128bit encryption (using my
own certificate server- windows 2003 server (so thats iis 6.0)

The name i used set for the 'issued to' part is its fqdn
(intranet.domain.co.uk) when using the FQDN (https://intranet.domain.co.uk)
it works fine without any errors.

When using it internally I want people to just type https://intranet. This
works but they receive an error saying the name doesnt match the name on the
certificate, cliick yes to continue.

Is there a way round this? I cant think of one ........help!!

P.s I have another question but will create a new thread for that. Fell free
to ansa both :)

Re: SSL warning message for Intranet site

I'm not 100% sure whether this will work, but IIRC it does.

Ensure that "intranet" by itself isn't resolvable. Ensure that the client's
TCP/IP DNS settings are configured to automatically append the
"domain.co.uk" suffix. Then, when the user types in "intranet", the machine
will also try "intranet.domain.co.uk" (by automatically appending the DNS
suffix you specified). Then the sitename and certificate common name will
match.

Alternatively, create another site in IIS. Configure it the same as the
existing site, except make it answer to https://intranet, and issue a
certificate with "intranet" as the common name.

Cheers
Ken


"l3msip" wrote in message
news:E65A79EA-2F39-4B54-B22C-F7EC2329D9EF@microsoft.com...
> Hi,
>
> I have an intranet site that is set up using ssl 128bit encryption (using
> my
> own certificate server- windows 2003 server (so thats iis 6.0)
>
> The name i used set for the 'issued to' part is its fqdn
> (intranet.domain.co.uk) when using the FQDN
> (https://intranet.domain.co.uk)
> it works fine without any errors.
>
> When using it internally I want people to just type https://intranet. This
> works but they receive an error saying the name doesnt match the name on
> the
> certificate, cliick yes to continue.
>
> Is there a way round this? I cant think of one ........help!!
>
> P.s I have another question but will create a new thread for that. Fell
> free
> to ansa both :)

Re: SSL warning message for Intranet site

.... and there's another alternative. Add redirect code to the main page, or
to all pages on the web site, such that if the requested web site is
http://intranet, have it redirect to https://intranet.domain.co.uk. To do
this with server-side ASP / vbscript, I believe this would be something like

<%
If LCase(Request.ServerVariables("server_name")) = "intranet" Then
Response.Redirect "https://intranet.domain.co.uk" &
(Request.ServerVariables("http_url"))
%>

You could also do a client-side redirect with javascript.


"Ken Schaefer" wrote in message
news:%23AnqqrYqGHA.5108@TK2MSFTNGP05.phx.gbl...
> I'm not 100% sure whether this will work, but IIRC it does.
>
> Ensure that "intranet" by itself isn't resolvable. Ensure that the
> client's TCP/IP DNS settings are configured to automatically append the
> "domain.co.uk" suffix. Then, when the user types in "intranet", the
> machine will also try "intranet.domain.co.uk" (by automatically appending
> the DNS suffix you specified). Then the sitename and certificate common
> name will match.
>
> Alternatively, create another site in IIS. Configure it the same as the
> existing site, except make it answer to https://intranet, and issue a
> certificate with "intranet" as the common name.
>
> Cheers
> Ken
>
>
> "l3msip" wrote in message
> news:E65A79EA-2F39-4B54-B22C-F7EC2329D9EF@microsoft.com...
>> Hi,
>>
>> I have an intranet site that is set up using ssl 128bit encryption (using
>> my
>> own certificate server- windows 2003 server (so thats iis 6.0)
>>
>> The name i used set for the 'issued to' part is its fqdn
>> (intranet.domain.co.uk) when using the FQDN
>> (https://intranet.domain.co.uk)
>> it works fine without any errors.
>>
>> When using it internally I want people to just type https://intranet.
>> This
>> works but they receive an error saying the name doesnt match the name on
>> the
>> certificate, cliick yes to continue.
>>
>> Is there a way round this? I cant think of one ........help!!
>>
>> P.s I have another question but will create a new thread for that. Fell
>> free
>> to ansa both :)
>
>