Security Server - we purchased a cert, view.victorschools.org, from GoDaddy. External DNS entry for view.victorschools.org points towards 209.68.96.26
- District owned device off campus works fine
- Personal device off campus works fine
Broker - we have an internal Windows CA set up and issued a cert with a name of broker.vcs.local and a Subject Alternative Name (SAN) of view.victorschools.org. Internal DNS entries for broker.vcs.local and view.victorschools.org point toward 10.121.125.107
- District-owned laptop or desktop - View client works fine since these machines are set up to trust our Windows CA
- Personal devices such as PC laptops, Mac laptops, or iPads - this is where the issue is. When one of these devices attempts to connect using view.victorschools.org, which internally points toward our Broker server, they get a cert mismatch error. Even though the cert has a SAN of view.victorschools.org, for whatever reason it picks up on broker.vcs.local.
How are split DNS and certs handled correctly? I want to point clients toward view.victorschools.org whether they are internal/external or district-owned/personal and have it just work. I could have them turn off certificate verification in the client, but this is one more thing a person would have to do. I am not even sure if cert checking is something that can be turned off on the iPad client.
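A diagnostic for the mismatch described above, added here as an example and not part of the original post or of any VMware tooling: it works on the dict shape that Python's ssl.getpeercert() returns, applies the RFC 6125 rule that dNSName SANs, when present, are checked and the Subject CN is ignored, and can fetch the certificate a server actually presents for a given name. The chain is still verified (against the system store, or a cafile you pass, such as the internal CA's cert), so a device that does not trust the issuing CA fails at that step rather than at the name check, which separates the two possible causes of a "mismatch". The sample certificate dicts, the function names and the cafile argument are my assumptions, not anything from the post.

```python
"""Check which names a TLS certificate covers, SAN-first per RFC 6125."""
from __future__ import annotations

import socket
import ssl

# Constructed sample, shaped like ssl.getpeercert(): the CN is an internal
# name and the only dNSName SAN is the public name (assumption for illustration).
SAMPLE_INTERNAL_CERT = {
    "subject": ((("commonName", "broker.vcs.local"),),),
    "subjectAltName": (("DNS", "view.victorschools.org"),),
}

# Constructed sample with no SAN at all, so the CN is the only name to match.
SAMPLE_CN_ONLY_CERT = {
    "subject": ((("commonName", "broker.vcs.local"),),),
}


def cert_names(cert: dict) -> tuple[list[str], str | None]:
    """Return (dNSName SAN entries, Subject CN or None) from a getpeercert() dict."""
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    cn = None
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                cn = value
    return sans, cn


def _dns_label_match(pattern: str, hostname: str) -> bool:
    """Match one dNSName (optionally with a leftmost-label wildcard) against hostname."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # Wildcard must be the whole leftmost label, cover at least two more labels,
    # and match exactly one label in the hostname (no "*.a" matching "x.y.a").
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def hostname_matches(cert: dict, hostname: str) -> tuple[bool, str]:
    """Decide whether hostname is covered by cert and say why.

    If any dNSName SAN is present, only the SANs are consulted and the CN is
    ignored; the CN is a fallback only for a cert with no dNSName SAN.
    """
    sans, cn = cert_names(cert)
    if sans:
        for san in sans:
            if _dns_label_match(san, hostname):
                return True, f"matched SAN {san}"
        return False, f"no SAN matches {hostname}; SANs {sans}; CN {cn!r} ignored"
    if cn and _dns_label_match(cn, hostname):
        return True, f"matched CN {cn} (cert has no dNSName SAN)"
    return False, f"no SAN present and CN {cn!r} does not match {hostname}"


def fetch_peer_cert(hostname: str, port: int = 443, cafile: str | None = None,
                    timeout: float = 5.0) -> dict:
    """Fetch the parsed cert a server presents when asked for hostname via SNI.

    Name checking is turned off so a mismatched cert can still be inspected,
    but the chain must verify (system store, or only cafile if given) or
    getpeercert() returns an empty dict; an untrusted issuer therefore raises
    ssl.SSLCertVerificationError here, which is a different fault from a
    wrong name.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    import sys

    host = sys.argv[1] if len(sys.argv) > 1 else "view.victorschools.org"
    ca = sys.argv[2] if len(sys.argv) > 2 else None
    live = fetch_peer_cert(host, cafile=ca)
    print("names on presented cert:", cert_names(live))
    print("client view of", host, "->", hostname_matches(live, host))
```

Run it from the network segment the failing client sits on, once with the public name and once with the internal name, and compare what cert_names() reports; the same check from the command line is `openssl s_client -connect host:443 -servername host`, where the -servername value is the SNI the client sends, and a front end that selects its certificate by SNI can present a different one when that field is absent. Note the rule the matcher encodes: once a cert carries any dNSName SAN, the CN is not consulted, so every name a client might type has to appear in the SAN list.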