Awesome, Brian. :)
*ASB **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>* **Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market…*** On Tue, Dec 18, 2012 at 7:41 PM, Brian Desmond <[email protected]>wrote: > Just to close the loop on this, thanks to the feedback on this alias, the > friendly folks at DigiCert have removed the page in question as well as > made a number of additional enhancements to their pages that discuss > internal names. > > Let me know if anything else jumps out and I'll connect you to the right > people. > > Thanks, > Brian > > > Thanks, > Brian Desmond > [email protected] > > w - 312.625.1438 | c - 312.731.3132 > > -----Original Message----- > From: Brian Desmond [mailto:[email protected]] > Sent: Monday, December 10, 2012 12:00 PM > To: NT System Admin Issues > Subject: RE: SSL and the new no internal names ruling > > I reached out to DigiCert about this. > > Thanks, > Brian Desmond > [email protected] > > w - 312.625.1438 | c - 312.731.3132 > > -----Original Message----- > From: Steve Kradel [mailto:[email protected]] > Sent: Monday, December 10, 2012 11:48 AM > To: NT System Admin Issues > Subject: Re: SSL and the new no internal names ruling > > Well, this is certainly a terrible article from Digicert. Rename or > migrate your domain in order to get certs that match your AD FQDN? > Links to ADMT?? Utter madness. Just use an internal CA for an intranet > site, as nobody else will be able to resolve those names anyhow. Buy certs > from a public CA for external-facing boxes and don't even worry about the > internal name, it doesn't matter. > > As for the advice of using the AD domain name "foo.com" for your business > that receives mail as [email protected] and has a website at foo.com, this is > awful advice too and causes tons of DNS headaches. > Do not do this. > > --Steve > > On Mon, Dec 10, 2012 at 10:12 AM, Rick Berry <[email protected]> > wrote: > > Presuming this has been discussed a bit ... but ran into it personally > > for the first time today, when a customer asked me to renew an > > Exchange certificate and sent me their CSR with a NetBIOS name in it ... > > it tripped the "November 2015" rule on me for the first time as I was > > trying to renew something with an internal name past that > > implementation date of 11.1.2015 ... > > > > > > > > Via Digicert, although we all have the issue on any given SSL provider > > including Simon's @ (shameless plug) www.certificatesforexchange.com ... > > > > > > > > What concerned me was Digicert's page about 'what to do', which > > basically takes one down the path of 'rendom' or directory migration > > just to do a name change in the event you made your forest '.local' or > > similar ... > > > > > > > > http://www.digicert.com/ssl-support/reconfigure-internal-dns-names-iis > > -7.htm > > > > > > > > Curious how people are approaching this. I'm loathe to rename > > domains, and not looking forward to hearing back from all the people > > I've told over the years to make sure that they name their internal > domains '.local'. > > > > > > > > Rick > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
