HAHAHAHAHAHA.

So did I. :)

-----Original Message-----
From: Brian Desmond [mailto:br...@briandesmond.com] 
Sent: Monday, December 10, 2012 1:00 PM
To: NT System Admin Issues
Subject: RE: SSL and the new no internal names ruling

I reached out to DigiCert about this. 

Thanks,
Brian Desmond
br...@briandesmond.com

w - 312.625.1438 | c - 312.731.3132

-----Original Message-----
From: Steve Kradel [mailto:skra...@zetetic.net]
Sent: Monday, December 10, 2012 11:48 AM
To: NT System Admin Issues
Subject: Re: SSL and the new no internal names ruling

Well, this is certainly a terrible article from Digicert.  Rename or migrate 
your domain in order to get certs that match your AD FQDN?
Links to ADMT??  Utter madness.  Just use an internal CA for an intranet site, 
as nobody else will be able to resolve those names anyhow.  Buy certs from a 
public CA for external-facing boxes and don't even worry about the internal 
name, it doesn't matter.

As for the advice of using the AD domain name "foo.com" for your business that 
receives mail as u...@foo.com and has a website at foo.com, this is awful 
advice too and causes tons of DNS headaches.
Do not do this.

--Steve

On Mon, Dec 10, 2012 at 10:12 AM, Rick Berry <rbe...@elevativenetworks.com> 
wrote:
> Presuming this has been discussed a bit ... but ran into it personally 
> for the first time today, when a customer asked me to renew an 
> Exchange certificate and sent me their CSR with a NetBIOS name in it ...
> it tripped the "November 2015" rule on me for the first time as I was 
> trying to renew something with an internal name past that 
> implementation date of 11.1.2015 ...
>
>
>
> Via Digicert, although we all have the issue on any given SSL provider 
> including Simon's @ (shameless plug) www.certificatesforexchange.com ...
>
>
>
> What concerned me was Digicert's page about 'what to do', which 
> basically takes one down the path of 'rendom' or directory migration 
> just to do a name change in the event you made your forest '.local' or 
> similar ...
>
>
>
> http://www.digicert.com/ssl-support/reconfigure-internal-dns-names-iis-7.htm
>
>
>
> Curious how people are approaching this.  I'm loath to rename 
> domains, and not looking forward to hearing back from all the people 
> I've told over the years to make sure that they name their internal domains 
> '.local'.
>
>
>
> Rick
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin




