locked
how to buy a SSl certificate RRS feed

  • Question

  • I am a newbee, I meet a issue is how i need to choose a public SSL certificate, my active domain name is totally different with my public DNS name

    my intranet active directory domain name is abc.com,

    but i have buy a publich domain name is 123.com, 

    in this case does there will has any problem when i buy the public certificate?

    Sunday, May 10, 2015 3:37 PM

Answers

  • The SSL/TLS certificate is tied to the service you want to secure, and the name on the certificate must match how user agents access the resource.

    So, if you have a public website that users access at 123.com, then your certificate needs to be for 123.com. If you have an intranet site that users access at webserver1.abc.com then your certificate needs to be for webserver1.abc.com. If, for example, you use the CNAME intranet.123.com so that users don't need to type webserver1.abc.com then the certificate needs to be for intranet.123.com.

    In short, the Active Directory domain name is not usually relevant, but there are special cases (such as Exchange and LDAPS).

    As others have suggested, you may want to speak with your SSL vendor.

    Best,
    Michael

    • Proposed as answer by Frank Shen5 Wednesday, May 20, 2015 6:19 AM
    • Marked as answer by Frank Shen5 Thursday, May 21, 2015 2:47 AM
    Wednesday, May 13, 2015 4:27 PM

All replies

  • Hi,

    Before going further, what the certificate will be used for, and where do we plan to buy the certificate? Besides, we can also contact the vendor to ask for advice.

    Best regards,
    Frank Shen


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by Mr XMVP Tuesday, May 12, 2015 5:41 PM
    • Unproposed as answer by SpaceTime_L Wednesday, May 13, 2015 2:21 PM
    Tuesday, May 12, 2015 9:15 AM
  • Hello,

    depending for what the certificate is required you have to get it. So is this for a web site, Exchange etc?

    In your case i would talk to the Security experts in https://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserversecurity


    Best regards

    Meinolf Weber

    MVP, MCP, MCTS

    Microsoft MVP - Directory Services

    My Blog: http://blogs.msmvps.com/MWeber

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Twitter:  

    • Proposed as answer by Mr XMVP Tuesday, May 12, 2015 5:41 PM
    • Unproposed as answer by SpaceTime_L Wednesday, May 13, 2015 2:21 PM
    Tuesday, May 12, 2015 11:55 AM
  • this is a the SSL theory issue and it no matter with vendor, the  certificate will used for a website, i want show correctly and  everybody access it without the certificate warning

    • Edited by SpaceTime_L Wednesday, May 13, 2015 2:25 PM
    Wednesday, May 13, 2015 2:23 PM
  • The SSL/TLS certificate is tied to the service you want to secure, and the name on the certificate must match how user agents access the resource.

    So, if you have a public website that users access at 123.com, then your certificate needs to be for 123.com. If you have an intranet site that users access at webserver1.abc.com then your certificate needs to be for webserver1.abc.com. If, for example, you use the CNAME intranet.123.com so that users don't need to type webserver1.abc.com then the certificate needs to be for intranet.123.com.

    In short, the Active Directory domain name is not usually relevant, but there are special cases (such as Exchange and LDAPS).

    As others have suggested, you may want to speak with your SSL vendor.

    Best,
    Michael

    • Proposed as answer by Frank Shen5 Wednesday, May 20, 2015 6:19 AM
    • Marked as answer by Frank Shen5 Thursday, May 21, 2015 2:47 AM
    Wednesday, May 13, 2015 4:27 PM