I have a service running on a Windows box that users access via HTTP from inside our network and from the internet. They access this service both via the browser and using a desktop tool.
The box's FQDN is somebox.ourdomain.com.
We're using DYNDNS so that external requests to http://theservice.otherdomain.com get our public IP. External users hit the service by accessing http://theservice.otherdomain:8080, and our router forwards to somebox.ourdomain.com:80.
Works fine. But now we want to use SSL.
I'm a bit confused whether the CN I should use is the FQDN of the host itself (somebox.ourdomain.com) OR that of the DNS entry (theservice.otherdomain.com). I suspect it's not the latter, as that would break for all of the internal folks.
Can someone confirm? Is this a scenario where it would be worth playing with a self-signed cert first to make sure I have the proper CSR values BEFORE I drop a couple hundred bucks on a CA-signed cert?
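
A throwaway self-signed test of the kind the question proposes, as an added example that is not part of the original post: it builds one certificate with only the CN set and one whose subjectAltName lists both names, then checks which hostname each certificate covers. The two hostnames come from the question; the helper names, the temporary directory and the subjectAltName variant are assumptions of this example.

```shell
#!/bin/sh
# Added example: hostnames are the ones from the question; certs are throwaway.
INTERNAL=somebox.ourdomain.com
EXTERNAL=theservice.otherdomain.com
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_cert <out.pem> <CN> [subjectAltName value]  (hypothetical helper)
# Writes a 7-day self-signed certificate; the key is left unencrypted on purpose.
make_cert() {
    if [ -n "$3" ]; then
        openssl req -x509 -newkey rsa:2048 -nodes -days 7 -subj "/CN=$2" \
            -addext "subjectAltName=$3" \
            -keyout "$1.key" -out "$1" 2>/dev/null
    else
        openssl req -x509 -newkey rsa:2048 -nodes -days 7 -subj "/CN=$2" \
            -keyout "$1.key" -out "$1" 2>/dev/null
    fi
}

# name_matches <cert.pem> <hostname>  (hypothetical helper)
# Succeeds when the certificate's names cover the hostname a client typed.
# The printed text is parsed; the exit status of -checkhost is not relied on.
name_matches() {
    openssl x509 -in "$1" -noout -checkhost "$2" |
        grep -q "does match certificate"
}

# Print, for one certificate, whether each of the two names is covered.
report() {
    for host in "$INTERNAL" "$EXTERNAL"; do
        if name_matches "$1" "$host"; then
            echo "$1: $host accepted"
        else
            echo "$1: $host REJECTED (name mismatch)"
        fi
    done
}

make_cert "$WORK/cn_only.pem" "$INTERNAL"
make_cert "$WORK/both.pem" "$INTERNAL" "DNS:$INTERNAL,DNS:$EXTERNAL"
report "$WORK/cn_only.pem"
report "$WORK/both.pem"
```

`openssl x509 -checkhost` falls back to the CN only when the certificate carries no subjectAltName DNS entries; current browsers match against subjectAltName entries only, so the same check should be repeated in the clients that will actually be used.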