• 11
name

A PHP Error was encountered

Severity: Notice

Message: Undefined index: userid

Filename: views/question.php

Line Number: 191

Backtrace:

File: /home/prodcxja/public_html/questions/application/views/question.php
Line: 191
Function: _error_handler

File: /home/prodcxja/public_html/questions/application/controllers/Questions.php
Line: 433
Function: view

File: /home/prodcxja/public_html/questions/index.php
Line: 315
Function: require_once

I have service running a Windows box that users access via http from inside our network and from the internet. They access this service both via the browser and using a Desktop tool

The box's FQDN is somebox.ourdomain.com.

We're using DYNDNS so that external requests to http://theservice.otherdomain.com get our public IP. External users hit the service by accessing http://theservice.otherdomain:8080, and our router forwards to somebox.ourdomain.com:80

Works fine. But now we want to use SSL.

I'm a bit confused whether the CN I should use is the the FQDN of the host itself (somebox.ourdomain.com) OR that of the DNS entry (theservice.otherdomain.com). I suspect it's not the latter, as that would break for all of the internal folks.

Can someone confirm? Is this a scenario where it would be worth playing with a self-signed cert first to make sure I have the proper CSR values BEFORE I drop a couple hundred bucks on a CA signed cert?

ssl
      • 1
    • I would recommend adding "theservice.otherdomain.com" to your internal DNS as well so you don't have to keep two URL's in your head.

The CN of the certificate needs to be the fully qualified domain name that your clients will use to access the service. For instance, if I access bankaccounts.hugebank.com from my PC, there will be a certificate issued for bankaccounts.hugebank.com. More specifically, the subject of the certificate will be something like CN=bankaccounts.hugebank.com, O=BigBank Inc, L=Detroit, S=Michigan, C=US, even though the website itself is most likely not hosted on a single machine whose real hostname is bankaccounts.

  • 1
Reply Report

Trending Tags