Post-wildcard certificate installation, internal requests ..

External Since: Dec 21, 2007 Posts: 6

Hello,

We have successfully implemented wildcard certificates on two sites on
W2k3 SP1 IIS 6.0.

After everything was settled, we've discovered that internal secure
requests now fail with "Bad Request (Invalid Hostname)". For example,
users would use "https://10.10.1.99/data_entry/enter_data.asp".

It will work if I path my users outside and back in through IIS, but
from a risk management standpoint that is unacceptable. For example,
users now use "https://secure.website.com/data_entry/enter_data.asp".

I hope this can be done through either additional host header values,
further configuration of the SecureBindings metabase or even possibly
editing each users "Hosts" file?

Thanks.

External Since: Aug 23, 2003 Posts: 3041

Can't you configure a DNS hostname on your internal DNS servers that points
https://secure.website.com -> 10.10.1.99?

Your issue is (most likely) that the hostname "10.10.1.99" does not match
the CN name in the certificate (*.website.com)

Cheers
Ken

"occupant" <djoccupant RemoveThis @yahoo.com> wrote in message
news:28e05410-cd58-4ed8-a117-17a0da8cbc03@i72g2000hsd.googlegroups.com...
> Hello,
>
> We have successfully implemented wildcard certificates on two sites on
> W2k3 SP1 IIS 6.0.
>
> After everything was settled, we've discovered that internal secure
> requests now fail with "Bad Request (Invalid Hostname)". For example,
> users would use "https://10.10.1.99/data_entry/enter_data.asp".
>
> It will work if I path my users outside and back in through IIS, but
> from a risk management standpoint that is unacceptable. For example,
> users now use "https://secure.website.com/data_entry/enter_data.asp".
>
> I hope this can be done through either additional host header values,
> further configuration of the SecureBindings metabase or even possibly
> editing each users "Hosts" file?
>
> Thanks.