External DNS domain mapping to internal AD domain causes a certificate error

Question

I have an external domain name of domain.com and an internal AD domain that is completely different, say name.prv. I have a dmz server with WS_FTP Server on it. I have mapped Fileshare.domain.com to the IP Address of the router which then NATs it to the internal server's IP Address. This all worked fine until the upgrade to WS_FTP Server 2017 which uses port 443. Now everyone gets a certificate error when going to http://fileshare.domain.com because the internal server is on a completely different named .prv domain.

Is there any way to get around this? I don't know much about websites so please explain thoroughly.

Thanks,

Use `example.com` and others in RFC2606 for documentation/obfuscation purposes. — Patrick Mevzek, Jan 05 '18 at 19:54

score 1 · Answer 1 · answered Jan 06 '18 at 20:20

The certificate must contain the name that the client uses to connect.

If different clients are using different names (ie. internal vs. external) then the certificate must contain both names.

Assuming your current certificate request mechanism already contains the internal server name, you need to amend your certificate request to contain a "Subject Alternative Name" (SAN) which matches the extra DNS name.

External DNS domain mapping to internal AD domain causes a certificate error

1 Answers1