We have:
- Security Server - not on domain, has internal IP address of 10.121.125.110 and external address of 209.68.96.26
  - SSL cert for view.victorschools.org installed
  - DNS entry of view.victorschools.org pointing towards 209.68.96.26
- Broker Server - on domain, has internal IP address of 10.121.127.107
  - SSL cert for broker.vcs.local installed
  - DNS entry of broker.vcs.local pointing towards 10.121.125.107
  - DNS entry of view.victorschools.org pointing towards 10.121.125.107
The problem crops up on two fronts:
- Teacher laptop that has the View client installed, pointed towards view.victorschools.org. Internally that DNS entry points towards the broker server, which has the cert of broker.vcs.local. Unless the client is set up to not check certs, the connection will not work. When we try, it immediately comes back with a cert mismatch error.
- Personal device – student loads the View client on a laptop or iPad and points it towards view.victorschools.org. It works fine at home but again will not work on campus since it is a cert mismatch.
Can I just resolve this by changing a DNS entry and have view.victorschools.org point towards 10.121.125.110 which is the internal IP address of the security server? Of course this will make any student with a personal device point towards our security server whether at home or at school. I know we want internal devices to point towards the broker and external clients to point towards the security server. Here is a discussion of the same thing I am experiencing minus the SSL cert issue.
http://communities.vmware.com/thread/431399
I know that Windows CA can generate certs with Subject Alternative Names (SAN). Can we generate a cert from our Windows CA for broker.vcs.local and view.victorschools.org and install it on the broker server to solve this?
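The name check behind the mismatch error, as an added example that is not part of the original post: it models the split-DNS layout described above and reports which client paths reach a server whose certificate does not cover the name the client typed. The function names, the `CERTS`/`DNS_VIEWS` tables and the SAN lists are constructed for illustration; only the hostnames come from the post.

```python
# Added example with constructed data: hostnames are from the post, everything
# else (table layout, function names, SAN lists) is an assumption.

def dns_name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style comparison: case-insensitive, label by label.
    A wildcard is honoured only as the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse overly broad patterns such as "*.org".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_covers(san_dns_names, hostname) -> bool:
    """True if any dNSName entry on the certificate matches the hostname."""
    return any(dns_name_matches(n, hostname) for n in san_dns_names)

# dNSName entries carried by the cert installed on each server (as described).
CERTS = {
    "security": ["view.victorschools.org"],
    "broker": ["broker.vcs.local"],
}

# Which server each DNS view sends a given name to (as described).
DNS_VIEWS = {
    "external": {"view.victorschools.org": "security"},
    "internal": {"view.victorschools.org": "broker",
                 "broker.vcs.local": "broker"},
}

def mismatches(certs, dns_views):
    """Return sorted (view, hostname) pairs where the server reached
    presents a certificate that does not cover the requested hostname."""
    bad = []
    for view, records in dns_views.items():
        for hostname, server in records.items():
            if not cert_covers(certs[server], hostname):
                bad.append((view, hostname))
    return sorted(bad)

# Alternative from the post: one broker cert with both names in its SAN.
SAN_CERTS = dict(CERTS, broker=["broker.vcs.local", "view.victorschools.org"])

if __name__ == "__main__":
    print("current certs :", mismatches(CERTS, DNS_VIEWS))
    print("SAN on broker :", mismatches(SAN_CERTS, DNS_VIEWS))
```

This covers name matching only; whether a given client trusts the CA that issued the certificate is a separate validation step.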