Well, this is certainly a terrible article from Digicert. Rename or migrate your domain in order to get certs that match your AD FQDN? Links to ADMT?? Utter madness. Just use an internal CA for an intranet site, as nobody else will be able to resolve those names anyhow. Buy certs from a public CA for external-facing boxes and don't even worry about the internal name, it doesn't matter.
As for the advice of using the AD domain name "foo.com" for your business that receives mail as u...@foo.com and has a website at foo.com, this is awful advice too and causes tons of DNS headaches. Do not do this. --Steve On Mon, Dec 10, 2012 at 10:12 AM, Rick Berry <rbe...@elevativenetworks.com> wrote: > Presuming this has been discussed a bit … but ran into it personally for the > first time today, when a customer asked me to renew an Exchange certificate > and sent me their CSR with a NetBIOS name in it … it tripped the “November > 2015” rule on me for the first time as I was trying to renew something with > an internal name past that implementation date of 11.1.2015 … > > > > Via Digicert, although we all have the issue on any given SSL provider > including Simon’s @ (shameless plug) www.certificatesforexchange.com … > > > > What concerned me was Digicert’s page about ‘what to do’, which basically > takes one down the path of ‘rendom’ or directory migration just to do a name > change in the event you made your forest ‘.local’ or similar … > > > > http://www.digicert.com/ssl-support/reconfigure-internal-dns-names-iis-7.htm > > > > Curious how people are approaching this. I’m loathe to rename domains, and > not looking forward to hearing back from all the people I’ve told over the > years to make sure that they name their internal domains ‘.local’. > > > > Rick > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
