Question on SSL certs.

RimBlock

RimBlock

RimBlock

Associate
Joined
10 Nov 2004
Posts
2,237
Location
Expat in Singapore
Hi,

I am trying to sort out a SSL cert that will work with remote access for my home server.

I have purchased one from eNomCentral (Rapid SSL) who are holding the domain I am going to use. The cert has not been issued yet as I need to generate the CSR.

The DNS servers have been changed from eNomCentrals to the company I have a hosting package with. The subdomain I will use to connect to my come server is pointed (via a DNS alias record) to DynDNS which is kept sync'd to my regularly changing home IP address (no chance to change to static with any providers here without paying a big premium).

So, routes for;
Web and mail: eNom -> Hosting provider DNS -> Hosting Provider Servers.
Remote access: eNom -> Hosting provider DNS -> DynDNS -> Home server (running MS IIS7).

I need to use DynDNS as other services are filtered by corporate firewalls (homeserver.com for example).

The three questions I have are;
1. Will it work fine even through the funky routing.
2. Any gotchas to look out for / be aware of. Hate to get it issued and then find it doesn't work.
3. Do I need to issue it for rdp.mydomain.com (the subdomain matching the DNS alias) or mydomain.com (The purchased domain).

I would presume that the SSL Cert would not work with my hosting provider as they will be using a different web server but it would work with a website my home server runs if I redirected www (for example) to my home network.

Thanks
RB
 
Depends on the SSL cert you buy. Most ordinary certs are for a single host so if you bought one of these for just mydomain.com it wouldn't work with rdp.mydomain.com. You could by a cert that covers that domain and all subdomains, but those are much more expensive and unecessary for you by the look of it.
 
Thanks DF.

Hmm, that is not so good. Not sure how to get one for rdp.mydomain.com if the registered domain with the provider is only mydomain.com.

The SSL is still not configured (not done the CSR yet) so I may be able to get something changed.

RB
 
You shouldn't have any problem getting a cert for any subdomain of the one you have registered. Not sure what the process is with the company you have gone for though. I regularly get certs issued for all kinds of web and outlook web access sites where the domain is companydomain.com and the actual site is mail.companydomain.com.

Generally, when creating the CSR just make sure you do it for rdp.mydomain.com rather than mydomain.com and you should be fine.
 
Donkeyfumbler said:
You shouldn't have any problem getting a cert for any subdomain of the one you have registered. Not sure what the process is with the company you have gone for though. I regularly get certs issued for all kinds of web and outlook web access sites where the domain is companydomain.com and the actual site is mail.companydomain.com.

Generally, when creating the CSR just make sure you do it for rdp.mydomain.com rather than mydomain.com and you should be fine.
Click to expand...

Thanks again.

The Rapid Geotrust SSL cert is only US$19.99/year so it is really bottom tier but should be good for what I want. The process seems like it is just generating the CSR from my web server (IIS7), pasting it in the the SSL config page on the SSL cert provider (my domain name provider) and then it should come through. I imaging the creation of the CSR is where I need to specify the sub-domain I wish to have the cert issued for.

I shall give it a go.

Many thanks
RB
 
I don't know about the Rapid cert but even for GoDaddy's cheapest SSL, you have to jump through a hoop to prove domain ownership/control. With them you can either a TXT DNS record or place a small file on your website with a specific code they give you in it.
 
Last edited:
You must log in or register to reply here.
Back
Top Bottom