Just completed my first full setup of SBS 2003 and going through the CEICW,
I'm prompted to create a web certificate. If my company domain name is
www.domain.co.uk and my server name is 'server', am I right in saying that
the web server name is 'server.domain.co.uk'? Sorry for the daft question.
Also, what should I ask my ISP to do ? I intend to use Exchange for SMTP
mail (I see that you guys don't recommend the POP connector). Should I ask
them to create A records and MX records to point my mail to my server public
IP ? Many thanks.
Regards Colin.
Here are my reasons for doing the install 3 times:
http://msmvps.com/blogs/kwsupport/archive/2006/08/17/107981.aspx
As to your web certificate, a lot has to do with whether you have a static
or dynamic public IP address. If dynamic, then you want to sign up with
someone like DynDNS or TZO (which I use). They will generate a public name
(like colin.tzo.com) that will point to your dynamic IP address -- and you
would use that for your web certificate.
If you have a static IP address coming to your location, then get with your
domain company that's hosting your public web site and domain name and have
them set up an additional DNS name record that will point to your public IP
address for your server. In reality, that name does NOT have to include the
internal name you gave your server.
For example, let's say my internal server name is SBS1 and my external
website domain is www.xyz.com.
The record I create with my domain name could be server.xyz.com or
colin.xyz.com or sbs1.xyz.com or hey-you.xyz.com
It really doesn't matter -- what matters is that whatever 'name' you tell
your domain company to use, that it points to your public IP address.
--
Kevin Weilbacher [SBS-MVP]
"The days pass by so quickly now, the nights are seldom long"
"Colin" <co...@home.com> wrote in message
news:s4%Jg.108816$fV1....@fe1.news.blueyonder.co.uk...
The name you choose is what you want to use to access the SBS from
outside. It can be any valid hostname that has a DNS mapping to the public
IP associated with your SBS.
In practice this would likely be something based on your own internet
domains, but the key point is the DNS name to IP mapping.
Whatever name you decide to associate with your public IP would generally
also be the name you want for the MX records, and reverse DNS entry.
Though there's nothing to stop you having multiple names for the same
machine.
The internal name for your SBS has no relevance to the name you choose for
its public face.
"anything.domain.co.uk" (other than www.) is fine. Even just
"domain.co.uk" is an option (as long as your domain DNS provider is
competent).
--
Steve Foster [SBS MVP]
---------------------------------------
MVPs do not work for Microsoft. Please reply only to the newsgroups.
What may not be clear from other replies is that a web browser expects
to be offered a certificate matching the URL you gave it. This is
primarily to assure you that the site you connect to really is what
it claims to be. For commercial sites, the certificate would be
traceable to one of the big trust companies e.g. Verisign.
You'll be using a self-signed certificate i.e. one that is not
traceable in this way, but is derived from your SBS. If you connect
to one of the SBS HTTPS services from outside, such as Outlook Web
Access, your browser wants to see a certificate matching the URL,
and that is traceable. It will warn you if either isn't true. You
can look at the details of the certificate, and if you are happy
it's the SBS one, tell the browser to go ahead. To avoid doing this
every time, you need to both have the certificate match the URL
and install it in the browser, so it has a record of you trusting
it. If you give the certificate a name that doesn't match, you
will be warned each time you connect, even if it is installed.
So to minimise warnings, the certificate must match whatever you
type into your browser to reach the site. As you will be using
SMTP mail, you will have an external DNS record pointing at your
registered domain name. The URLs domain.tld and mail.domain.tld
should both point to your IP address, so either of these would be
acceptable for the certificate name, but traditionally the base
domain name would be used rather than the mail server. You'd
use the mail server name if you needed to use a certificate to
authenticate email connections, which you wouldn't with a public
email server.
Your server name shouldn't need to be visible in external DNS.
There's nothing actually stopping you asking for an additional
A record pointing to server.domain.tld, but it would still be
your single public IP address which would be linked to it, so
there's no point. There should be no possible circumstance under
which your server would need to be addressed by this name. You only
actually refer to the server from inside the LAN, and it goes
under its internal FQDN then.
The www.domain.tld URL will point to your website, which hopefully
is hosted externally and won't concern you here.
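
The two browser checks described in the reply above (certificate name versus the URL typed, and whether the self-signed certificate has been installed), together with the A/MX/reverse DNS consistency mentioned earlier in the thread, as an added example that is not part of any post. The IP addresses, the record set and the /exchange URL are constructed for illustration; domain.tld is the placeholder used in the thread.

```python
from urllib.parse import urlsplit

PUBLIC_IP = "203.0.113.10"  # constructed address (documentation range)

# Constructed external DNS records; names follow the domain.tld placeholder above.
ZONE = {
    "A": {"domain.tld": PUBLIC_IP, "mail.domain.tld": PUBLIC_IP,
          "www.domain.tld": "198.51.100.7"},  # website hosted elsewhere
    "MX": {"domain.tld": "mail.domain.tld"},
    "PTR": {PUBLIC_IP: "mail.domain.tld"},
}

def norm(name):
    """DNS names compare case-insensitively, ignoring a trailing dot."""
    return name.rstrip(".").lower()

def browser_warnings(url, cert_name, installed_as_trusted):
    """Return the warnings a browser raises for a self-signed certificate."""
    host = norm(urlsplit(url).hostname or "")
    warnings = []
    if host != norm(cert_name):
        warnings.append("name mismatch")      # shown even if the cert is installed
    if not installed_as_trusted:
        warnings.append("untrusted issuer")   # self-signed, not yet installed
    return warnings

def dns_problems(zone, cert_name, public_ip):
    """List inconsistencies between the certificate name and external DNS."""
    a = {norm(k): v for k, v in zone["A"].items()}
    problems = []
    if a.get(norm(cert_name)) != public_ip:
        problems.append(f"{cert_name}: A record does not point to {public_ip}")
    for domain, target in zone["MX"].items():
        if a.get(norm(target)) != public_ip:
            problems.append(f"MX for {domain}: {target} does not point to {public_ip}")
        if norm(zone["PTR"].get(public_ip, "")) != norm(target):
            problems.append(f"reverse DNS for {public_ip} does not name {target}")
    return problems

if __name__ == "__main__":
    for url in ("https://mail.domain.tld/exchange", "https://domain.tld/exchange"):
        print(url, browser_warnings(url, "mail.domain.tld", installed_as_trusted=True))
    for name in ("mail.domain.tld", "server.domain.tld"):
        print(name, dns_problems(ZONE, name, PUBLIC_IP))
```
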
Many thanks for all your detailed answers. That makes things a lot clearer.
Regards Colin.
"Joe" <j...@jretrading.com> wrote in message
news:eRMEy3tz...@TK2MSFTNGP05.phx.gbl...