Workplace Join Confusion

  • Question

  • Hello, Everyone.

    I'm studying for my 70-412 exam and in one of my pretests I have this question in which the answer doesn't make any sense to me. I was hoping that someone could help me understand.

    <BEGIN>

    Question:
    You have a 2012 R2 server named WPLACE. You plan to install ADFS on WPLACE to allow for Workplace Join. After running NSLOOKUP for EnterpriseRegistration, the results display:

    Server: dc5.adatum.com
    Address: 192.168.1.5

    Name: FileServ.adatum.com
    Address: 192.168.1.9
    Address: enterpriseregistration.adatum.com

    You need to create a certificate request for WPLACE to support ADFS. How should you configure the certificate request?

    Answer:
    Subject Name (CN): FileServ.adatum.com
    Subject Alternate Name (DNS): FileServ.adatum.com
    Subject Alternate Name (DNS): enterpriseregistration.adatum.com

    <END>

    What I don't understand is if you are requesting the certificate for WPLACE, why is the Subject Name and 1st Alternate listed as FileServ? Is this saying that WPLACE is acting as a proxy? I understand the EnterpriseRegistration alternate, but in this scenario I'm not following the complete answer.

    Any help to clarify would be appreciated.

    TIA!


    ::- T.I.A. -::

    Saturday, December 31, 2016 2:36 AM

All replies

  • When using SAN, one of the SANs has to be the SN.

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Sunday, January 8, 2017 4:59 PM
  • Not sure if I understood your question correctly, but as I read your question: because the server's name does not need to match on the certificate.

    The key is the connection between DNS and subject name/SANs. So the server's name can be e.g. wplace.contoso.local, but if you call it from inside/outside using the name FileServ.adatum.com, then the certificate needs to be for that and not for the actual server name. wplace is not required in the certificate.


    Petri

    Sunday, January 8, 2017 5:06 PM
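
The name matching the replies describe, as an added example that is not part of any post in this thread: a client compares the DNS name it connected to against the certificate's DNS SANs, and falls back to the subject CN only when no DNS SAN is present (the RFC 2818 rule). The function names are made up for illustration, the certificate names come from the quoted exam answer, wplace.contoso.local is the example host name from the last reply, and the wildcard handling goes beyond what the thread covers.

```python
# Added example: RFC 2818-style server name check, standard library only.
# Function names are hypothetical; certificate names are from the quoted exam answer.

def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Case-insensitive DNS name match; '*' may replace only the left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False          # a wildcard never spans more than one label
    if "*" in p[1:]:
        return False          # wildcard anywhere but the first label is rejected
    first_ok = p[0] == "*" or p[0] == h[0]
    return first_ok and p[1:] == h[1:]


def names_checked(subject_cn: str, san_dns: list) -> list:
    """If any DNS SAN exists it is the only identity source; CN is a fallback."""
    return list(san_dns) if san_dns else [subject_cn]


def cert_covers(subject_cn: str, san_dns: list, dialed_name: str) -> bool:
    """True if the name the client connected to appears in the certificate."""
    return any(dns_name_matches(n, dialed_name)
               for n in names_checked(subject_cn, san_dns))


# Certificate request from the exam answer.
CN = "FileServ.adatum.com"
SANS = ["FileServ.adatum.com", "enterpriseregistration.adatum.com"]


def report() -> dict:
    # Names a client might use to reach the server (the last one is the
    # machine's own host name, taken from the reply's example).
    dialed = ["fileserv.adatum.com",
              "enterpriseregistration.adatum.com",
              "wplace.contoso.local"]
    return {name: cert_covers(CN, SANS, name) for name in dialed}


if __name__ == "__main__":
    for name, ok in report().items():
        print(f"{name:40} {'covered' if ok else 'NOT covered'}")
    # With the CN left out of the SAN list, the CN name is no longer covered.
    only_er = ["enterpriseregistration.adatum.com"]
    print("CN only, not in SAN:", cert_covers(CN, only_er, "FileServ.adatum.com"))
```

The machine's own host name is not covered and does not need to be, because no client connects to it by that name.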