Mdthbs

Why not make one big CPU core?

The title "Mord mit Aussicht" explained

The last tree in the Universe

Is it unethical to quit my job during company crisis?

Converting 3x7 to a 1x7. Is it possible with only existing parts?

Was the Lonely Mountain, where Smaug lived, a volcano?

100-doors puzzle

Difference between "drift" and "wander"

Can a 40amp breaker be used safely and without issue with a 40amp device on 6AWG wire?

Basic power tool set for Home repair and simple projects

At zero velocity, is this object neither speeding up nor slowing down?

How do credit card companies know what type of business I'm paying for?

Idiom for 'person who gets violent when drunk"

Reflecting Telescope Blind Spot?

Struggling to present results from long papers in short time slots

Fastest path on a snakes and ladders board

I sent an angry e-mail to my interviewers about a conflict at my home institution. Could this affect my application?

Is it possible to install Firefox on Ubuntu with no desktop enviroment?

Is there a term for someone whose preferred policies are a mix of Left and Right?

What made the Ancient One do this in Endgame?

Background for black and white chart

Is it possible to have battery technology that can't be duplicated?

What is the color associated with lukewarm?

How to ask if I can mow my neighbor's lawn

IIS LAN and WAN separate SSL certificates for the same server

Multiple SSL certificates to access one ASP.NET application in IISIf I re-key a SSL certificate for a 2nd/backup server, does the original still work?Configure one IIS site to handle two separate SSL certificates using external Load Balancing or SSL Acceleration ServersMultiple SSL certificates to access one ASP.NET application in IISMust CSRs be generated on the server that will host the SSL certificate?SNI and wildcard SSL certificates on the same server with IISWindows Home Server 2011 and SSL certificatesHow to configure HAProxy for multiple SSL-CertificatesHow to setup SSL on an IIS development server?How Do I Migrate SSL Certificates from an NGINX web server to IIS?

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}

1

I have a public web server that's also extensively used from the LAN. We're standing up a Windows AD CA server for the LAN side but we'll also need a public SSL Certificate for the web server. The website url resolves to the interal ip on the LAN so I'm assuming I'll need to have both a public certificate and a lan certificate installed at the same time.

How can this be accomplished?

iis windows-server-2012-r2 ssl-certificate local-area-network wide-area-network

share|improve this question

asked 8 hours ago

RobofanRobofan

83

New contributor

Robofan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

1

I have a public web server that's also extensively used from the LAN. We're standing up a Windows AD CA server for the LAN side but we'll also need a public SSL Certificate for the web server. The website url resolves to the interal ip on the LAN so I'm assuming I'll need to have both a public certificate and a lan certificate installed at the same time.

How can this be accomplished?

iis windows-server-2012-r2 ssl-certificate local-area-network wide-area-network

share|improve this question

asked 8 hours ago

RobofanRobofan

83

New contributor

Robofan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

I have a public web server that's also extensively used from the LAN. We're standing up a Windows AD CA server for the LAN side but we'll also need a public SSL Certificate for the web server. The website url resolves to the interal ip on the LAN so I'm assuming I'll need to have both a public certificate and a lan certificate installed at the same time.

How can this be accomplished?

iis windows-server-2012-r2 ssl-certificate local-area-network wide-area-network

share|improve this question

asked 8 hours ago

RobofanRobofan

83

New contributor

Robofan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this question

asked 8 hours ago

RobofanRobofan

83

New contributor

Robofan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this question

asked 8 hours ago

RobofanRobofan

83

New contributor

Robofan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

asked 8 hours ago

RobofanRobofan

83

New contributor

Robofan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

asked 8 hours ago

RobofanRobofan

83

2 Answers
2

active

oldest

votes

3

You can use single public certificate for both, external and internal clients. There is no need to use separate certificate for internal clients. Keep things simple.

share|improve this answer

answered 7 hours ago

Crypt32Crypt32

3,6721926

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  So the certificate is by domain and does not contain the IP?
  
  – Robofan
  7 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  yes, all clients connect to server by a public name specified in the certificate.
  
  – Crypt32
  7 hours ago
  

  
  
  
  

add a comment | 

0

You can't use different certificates for the same website (*). Use a public certificate, internal clients will trust it just fine.

(*) There are workarounds, but they are quite cumberstome and you shouldn't use them unless absolutely required.

share|improve this answer

answered 7 hours ago

MassimoMassimo

53.5k44172288

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Technically you can. You can bind a different certificate for each IP and With SNI you can use different certificate for each domain on the same IP.
  
  – yeya
  6 hours ago
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  @yeya As I was saying, there are workarounds :) You can have multiple websites hosting the same content on different IPs with different certificates, or you can use a reverse proxy to externally publish with a public certificate an internal web site which uses a private one. But my point was, unless you actually need different certificates for internal and external users, this is complex and useless.
  
  – Massimo
  5 hours ago
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "2"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

Robofan is a new contributor. Be nice, and check out our Code of Conduct.

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f971334%2fiis-lan-and-wan-separate-ssl-certificates-for-the-same-server%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

3

You can use single public certificate for both, external and internal clients. There is no need to use separate certificate for internal clients. Keep things simple.

share|improve this answer

answered 7 hours ago

Crypt32Crypt32

3,6721926

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  So the certificate is by domain and does not contain the IP?
  
  – Robofan
  7 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  yes, all clients connect to server by a public name specified in the certificate.
  
  – Crypt32
  7 hours ago
  

  
  
  
  

add a comment | 

3

You can use single public certificate for both, external and internal clients. There is no need to use separate certificate for internal clients. Keep things simple.

share|improve this answer

answered 7 hours ago

Crypt32Crypt32

3,6721926

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  So the certificate is by domain and does not contain the IP?
  
  – Robofan
  7 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  yes, all clients connect to server by a public name specified in the certificate.
  
  – Crypt32
  7 hours ago
  

  
  
  
  

add a comment | 

You can use single public certificate for both, external and internal clients. There is no need to use separate certificate for internal clients. Keep things simple.

share|improve this answer

answered 7 hours ago

Crypt32Crypt32

3,6721926

share|improve this answer

answered 7 hours ago

Crypt32Crypt32

3,6721926

answered 7 hours ago

Crypt32Crypt32

3,6721926

answered 7 hours ago

Crypt32Crypt32

3,6721926

0

You can't use different certificates for the same website (*). Use a public certificate, internal clients will trust it just fine.

(*) There are workarounds, but they are quite cumberstome and you shouldn't use them unless absolutely required.

share|improve this answer

answered 7 hours ago

MassimoMassimo

53.5k44172288

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Technically you can. You can bind a different certificate for each IP and With SNI you can use different certificate for each domain on the same IP.
  
  – yeya
  6 hours ago
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  @yeya As I was saying, there are workarounds :) You can have multiple websites hosting the same content on different IPs with different certificates, or you can use a reverse proxy to externally publish with a public certificate an internal web site which uses a private one. But my point was, unless you actually need different certificates for internal and external users, this is complex and useless.
  
  – Massimo
  5 hours ago
  

  
  
  
  

add a comment | 

0

You can't use different certificates for the same website (*). Use a public certificate, internal clients will trust it just fine.

(*) There are workarounds, but they are quite cumberstome and you shouldn't use them unless absolutely required.

share|improve this answer

answered 7 hours ago

MassimoMassimo

53.5k44172288

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Technically you can. You can bind a different certificate for each IP and With SNI you can use different certificate for each domain on the same IP.
  
  – yeya
  6 hours ago
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  @yeya As I was saying, there are workarounds :) You can have multiple websites hosting the same content on different IPs with different certificates, or you can use a reverse proxy to externally publish with a public certificate an internal web site which uses a private one. But my point was, unless you actually need different certificates for internal and external users, this is complex and useless.
  
  – Massimo
  5 hours ago
  

  
  
  
  

add a comment | 

You can't use different certificates for the same website (*). Use a public certificate, internal clients will trust it just fine.

(*) There are workarounds, but they are quite cumberstome and you shouldn't use them unless absolutely required.

share|improve this answer

answered 7 hours ago

MassimoMassimo

53.5k44172288

share|improve this answer

answered 7 hours ago

MassimoMassimo

53.5k44172288

answered 7 hours ago

MassimoMassimo

53.5k44172288

answered 7 hours ago

MassimoMassimo

53.5k44172288