Wireless LAN
Reply
Contributor
hutchingsp
Posts: 90
Registered: ‎05-03-2009
0

Replacing MX SSL Certificate?

When our MX was installed it was setup to use https://web.portal as the portal FQDN.

 

The cert is now up for renewal.  I don't really want to be paying Thawte for an SSL123 cert (the only vendor I know of that issues "intranet" certs for non internet-facing FQDN's).

 

Is there any issue with using a portal name like wifi.ourdomain.com where ourdomain.com is our public facing domain name?

 

Obviously wifi.ourdomain.com wouldn't exist in our public DNS.

 

Thanks,

Paul

Contributor
aaron.howard@uni.edu
Posts: 38
Registered: ‎12-03-2011
0

Re: Replacing MX SSL Certificate?

That's the way I have three of our mx2800s configured. It works flawlessly. Be sure to add your intermediate ca certificates if you need them for validation. 

Contributor
hutchingsp
Posts: 90
Registered: ‎05-03-2009
0

Re: Replacing MX SSL Certificate?

Thanks Aaron.  Now I'm on 7.5 it seems I can disable SSL for the portal whilst doing the cutover, which is nice as it seems you can't renew a cert on an MX, only replace, which means a day or so of cert warnings whilst I wait for the CA to issue the cert.

 

My plan was to use a Godaddy (Starfield) cert so I'm aware I need to install the CA bundle, the main thing was ensuring that there's no issue using webportal.domain.com or a similar FQDN that references our public DNS.

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.