Xjyuk

How to avoid offending original culture when making conculture inspired from original

Can I appeal credit ding if ex-wife is responsible for paying mortgage?

Interview was just a one hour panel. Got an offer the next day; do I accept or is this a red flag?

Do items with curse of vanishing disappear from shulker boxes?

IIS LAN and WAN separate SSL certificates for the same server

Background for black and white chart

Struggling to present results from long papers in short time slots

How many times to repeat an event with known probability before it has occurred a number of times

New Site Design!

How to know whether to write accidentals as sharps or flats?

Converting 3x7 to a 1x7. Is it possible with only existing parts?

Leveling up and Getting Items!

Fastest path on a snakes and ladders board

Idiom for 'person who gets violent when drunk"

How can religions without a hell discourage evil-doing?

Does anyone recognize these rockets, and their location?

How can Caller ID be faked?

Why did the USA sell so many airplanes prior to WW2?

Creating polygon with exact measurements in QGIS 3

Why is Skinner so awkward in Hot Fuzz?

Why can't we feel the Earth's revolution?

Does PC weight have a mechanical effect?

Should I email my professor to clear up a (possibly very irrelevant) awkward misunderstanding?

How can I improve readability and length of a method with many if statements?

IIS LAN and WAN separate SSL certificates for the same server

Multiple SSL certificates to access one ASP.NET application in IISIf I re-key a SSL certificate for a 2nd/backup server, does the original still work?Configure one IIS site to handle two separate SSL certificates using external Load Balancing or SSL Acceleration ServersMultiple SSL certificates to access one ASP.NET application in IISMust CSRs be generated on the server that will host the SSL certificate?SNI and wildcard SSL certificates on the same server with IISWindows Home Server 2011 and SSL certificatesHow to configure HAProxy for multiple SSL-CertificatesHow to setup SSL on an IIS development server?How Do I Migrate SSL Certificates from an NGINX web server to IIS?

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;

2

I have a public web server that's also extensively used from the LAN. We're standing up a Windows AD CA server for the LAN side but we'll also need a public SSL Certificate for the web server. The website url resolves to the interal ip on the LAN so I'm assuming I'll need to have both a public certificate and a lan certificate installed at the same time.

How can this be accomplished?

iis windows-server-2012-r2 ssl-certificate local-area-network wide-area-network

share|improve this question

asked 10 hours ago

RobofanRobofan

133

New contributor

Robofan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

2

I have a public web server that's also extensively used from the LAN. We're standing up a Windows AD CA server for the LAN side but we'll also need a public SSL Certificate for the web server. The website url resolves to the interal ip on the LAN so I'm assuming I'll need to have both a public certificate and a lan certificate installed at the same time.

How can this be accomplished?

iis windows-server-2012-r2 ssl-certificate local-area-network wide-area-network

share|improve this question

asked 10 hours ago

RobofanRobofan

133

New contributor

Robofan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

I have a public web server that's also extensively used from the LAN. We're standing up a Windows AD CA server for the LAN side but we'll also need a public SSL Certificate for the web server. The website url resolves to the interal ip on the LAN so I'm assuming I'll need to have both a public certificate and a lan certificate installed at the same time.

How can this be accomplished?

iis windows-server-2012-r2 ssl-certificate local-area-network wide-area-network

share|improve this question

asked 10 hours ago

RobofanRobofan

133

New contributor

Robofan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this question

asked 10 hours ago

RobofanRobofan

133

New contributor

Robofan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this question

asked 10 hours ago

RobofanRobofan

133

New contributor

Robofan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

asked 10 hours ago

RobofanRobofan

133

New contributor

Robofan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

asked 10 hours ago

RobofanRobofan

133

2 Answers
2

active

oldest

votes

5

You can use single public certificate for both, external and internal clients. There is no need to use separate certificate for internal clients. Keep things simple.

share|improve this answer

answered 9 hours ago

Crypt32Crypt32

3,6921926

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  So the certificate is by domain and does not contain the IP?
  
  – Robofan
  9 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  yes, all clients connect to server by a public name specified in the certificate.
  
  – Crypt32
  9 hours ago
  

  
  
  
  

add a comment | 

0

You can't use different certificates for the same website (*). Use a public certificate, internal clients will trust it just fine.

(*) There are workarounds, but they are quite cumberstome and you shouldn't use them unless absolutely required.

share|improve this answer

answered 9 hours ago

MassimoMassimo

53.5k44172288

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Technically you can. You can bind a different certificate for each IP and With SNI you can use different certificate for each domain on the same IP.
  
  – yeya
  8 hours ago
  

  
  
  
  


• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  
  @yeya As I was saying, there are workarounds :) You can have multiple websites hosting the same content on different IPs with different certificates, or you can use a reverse proxy to externally publish with a public certificate an internal web site which uses a private one. But my point was, unless you actually need different certificates for internal and external users, this is complex and useless.
  
  – Massimo
  7 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @Massimo, I may have to set up a L4 proxy at some point in the future to support differing content policies. If that becomes the case, would it just be a matter of using some command in a server block in nginx to choose which cert to serve?
  
  – Robofan
  1 hour ago
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

Robofan is a new contributor. Be nice, and check out our Code of Conduct.

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f971334%2fiis-lan-and-wan-separate-ssl-certificates-for-the-same-server%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

5

You can use single public certificate for both, external and internal clients. There is no need to use separate certificate for internal clients. Keep things simple.

share|improve this answer

answered 9 hours ago

Crypt32Crypt32

3,6921926

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  So the certificate is by domain and does not contain the IP?
  
  – Robofan
  9 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  yes, all clients connect to server by a public name specified in the certificate.
  
  – Crypt32
  9 hours ago
  

  
  
  
  

add a comment | 

5

You can use single public certificate for both, external and internal clients. There is no need to use separate certificate for internal clients. Keep things simple.

share|improve this answer

answered 9 hours ago

Crypt32Crypt32

3,6921926

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  So the certificate is by domain and does not contain the IP?
  
  – Robofan
  9 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  yes, all clients connect to server by a public name specified in the certificate.
  
  – Crypt32
  9 hours ago
  

  
  
  
  

add a comment | 

You can use single public certificate for both, external and internal clients. There is no need to use separate certificate for internal clients. Keep things simple.

share|improve this answer

answered 9 hours ago

Crypt32Crypt32

3,6921926

share|improve this answer

answered 9 hours ago

Crypt32Crypt32

3,6921926

answered 9 hours ago

Crypt32Crypt32

3,6921926

answered 9 hours ago

Crypt32Crypt32

3,6921926

0

You can't use different certificates for the same website (*). Use a public certificate, internal clients will trust it just fine.

(*) There are workarounds, but they are quite cumberstome and you shouldn't use them unless absolutely required.

share|improve this answer

answered 9 hours ago

MassimoMassimo

53.5k44172288

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Technically you can. You can bind a different certificate for each IP and With SNI you can use different certificate for each domain on the same IP.
  
  – yeya
  8 hours ago
  

  
  
  
  


• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  
  @yeya As I was saying, there are workarounds :) You can have multiple websites hosting the same content on different IPs with different certificates, or you can use a reverse proxy to externally publish with a public certificate an internal web site which uses a private one. But my point was, unless you actually need different certificates for internal and external users, this is complex and useless.
  
  – Massimo
  7 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @Massimo, I may have to set up a L4 proxy at some point in the future to support differing content policies. If that becomes the case, would it just be a matter of using some command in a server block in nginx to choose which cert to serve?
  
  – Robofan
  1 hour ago
  

  
  
  
  

add a comment | 

0

You can't use different certificates for the same website (*). Use a public certificate, internal clients will trust it just fine.

(*) There are workarounds, but they are quite cumberstome and you shouldn't use them unless absolutely required.

share|improve this answer

answered 9 hours ago

MassimoMassimo

53.5k44172288

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Technically you can. You can bind a different certificate for each IP and With SNI you can use different certificate for each domain on the same IP.
  
  – yeya
  8 hours ago
  

  
  
  
  


• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  
  @yeya As I was saying, there are workarounds :) You can have multiple websites hosting the same content on different IPs with different certificates, or you can use a reverse proxy to externally publish with a public certificate an internal web site which uses a private one. But my point was, unless you actually need different certificates for internal and external users, this is complex and useless.
  
  – Massimo
  7 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @Massimo, I may have to set up a L4 proxy at some point in the future to support differing content policies. If that becomes the case, would it just be a matter of using some command in a server block in nginx to choose which cert to serve?
  
  – Robofan
  1 hour ago
  

  
  
  
  

add a comment | 

You can't use different certificates for the same website (*). Use a public certificate, internal clients will trust it just fine.

(*) There are workarounds, but they are quite cumberstome and you shouldn't use them unless absolutely required.

share|improve this answer

answered 9 hours ago

MassimoMassimo

53.5k44172288

share|improve this answer

answered 9 hours ago

MassimoMassimo

53.5k44172288

answered 9 hours ago

MassimoMassimo

53.5k44172288

answered 9 hours ago

MassimoMassimo

53.5k44172288