DNS entry settings for SSL

Status
Not open for further replies.

click

MIS
Jul 19, 2000
115
US
Hello. I have "inherited" a project with a whole bunch of clients and one of them has a particular problem. We have a hosting/reseller account and we host their website. Usually on most of the other users their mail resides at the hosting facility. This particular client has an Exchange server so we have a DNS MX entry to point to their mail server. The client insists that they connect through https instead of http. When they type it takes them to their mail server all right, but when they type they get a note about the certificate and then they click on continue, but all they get is an index listing of the hosting site. I know that this is probably really simple to set up, but I can't find an example anywhere to help me with the DNS entry for the SSL to point to their server. I would appreciate any help.

Edit DNS Zone
Editing zone fakeclient.org
Domain TTL Record Type

fakeclient.org 14400 IN SOA nsXX.ourhostingco.com

fakeclient.org 14400 IN NS nsXX.ourhostingco.com
fakeclient.org 14400 IN NS nsXX.ourhostingco.com
fakeclient.org 14400 IN A 67.xx.xx.xx
localhost 14400 IN A 127.0.0.1
mx-74-xx-xx-xx 14400 IN A 74.xx.xx.xx
fakeclient.org 14400 IN MX 0 mx-74-xx-xx-xx.fakeclient.org
www 14400 IN CNAME fakeclient.org
ftp 14400 IN A 67.xx.xx.xx
fakeclient.org 14400 IN TXT "v=spf1 a mx include:ourhostingco.com ~all"
mail 14400 IN A 67.xx.xx.xx
14400 IN A 67.xx.xx.xx
remote 14400 IN A 67.xx.xx.xx
14400 IN A 67.xx.xx.xx
 
When you type in does the server "rewrite"/redirect the URL?

I think you might be getting to the same page or index via https. You probably need to fix the cert problem, but that isn't what is stopping you, nor the DNS setting.
 
I'm not sure what you mean by "redirect"; there is no redirect note as I have seen in some websites that take you somewhere else... It just goes to the client's "office" server, and asks you to log in. When you put the https is when it pouts about the certificate, and then it goes to the hosting site. Click.
 
Are you using a port redirector? Is the IP for the "hosting site" totally different from the IP for Exchange?
 
I agree that this isn't a DNS issue. It's either a host header issue (not likely) or a redirect issue. I assume that the IP for "mail" is that of the hosting server, right? That server has a redirect that works for http but doesn't seem to work for https.

When you get the certificate error, stop and don't go further. Check the certificate name. Does it say "mail.fakeclient.com" or does it say "remote.fakeclient.com"? Are the IPs for "remote" and "mail" the same? If they aren't and if it says the latter, then the users should be going to for their web mail. I suspect that the client is using a Windows Small Business Server, and I work with that a lot.

Dave Shackelford
Shackelford Consulting
 
actually you need to add a subject alternative name to the certificate that matches the fqdn of the server. that will prevent the name mismatch error that gives the continue button (you never mentioned the exact page they get, but name mismatch is most common, so i am assuming here). the end. :)

-Brandon Wilson
MCSE:Security00/03
MCSA:Messaging00
MCSA:Security03
A+
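
The two checks raised in the replies above (which server a name actually lands on, and whether the certificate presented there covers that name) can be run against a zone listing offline. This is an added example, not code from any poster; the zone is a constructed copy of the listing with documentation IPs in place of the redacted ones, and `mx-host` and the certificate name lists in `SERVER_SANS` are assumptions.

```python
# Constructed zone modelled on the thread's listing. The IPs are documentation
# addresses standing in for the redacted hosting (67.x) and Exchange (74.x) hosts.
ORIGIN = "fakeclient.org"
ZONE = """\
fakeclient.org 14400 IN A 192.0.2.10
mx-host 14400 IN A 198.51.100.20
fakeclient.org 14400 IN MX 0 mx-host.fakeclient.org
www 14400 IN CNAME fakeclient.org
mail 14400 IN A 192.0.2.10
remote 14400 IN A 192.0.2.10
"""
# Assumed (constructed) DNS names in the certificate each server presents.
SERVER_SANS = {"192.0.2.10": ["*.ourhostingco.com"],
               "198.51.100.20": ["remote.fakeclient.org"]}

def fqdn(name):
    """Qualify a zone-relative name; names already under ORIGIN are kept."""
    name = name.lower().rstrip(".")
    absolute = name == ORIGIN or name.endswith("." + ORIGIN)
    return name if absolute else f"{name}.{ORIGIN}"

def parse_zone(text):
    """Map each owner name to (type, value) for its A or CNAME record."""
    rows = (line.split() for line in text.splitlines())
    return {fqdn(r[0]): (r[3], r[4]) for r in rows
            if len(r) >= 5 and r[3] in ("A", "CNAME")}

def resolve(name, records, depth=0):
    """Follow CNAMEs (bounded) to an A record; None if nothing resolves."""
    rtype, value = records.get(fqdn(name), (None, None))
    if rtype == "CNAME" and depth < 8:
        return resolve(value, records, depth + 1)
    return value if rtype == "A" else None

def name_matches(host, pattern):
    """Certificate name check: '*' may only stand for the whole leftmost label."""
    h, p = host.lower().split("."), pattern.lower().split(".")
    if p[0] == "*":
        return len(h) == len(p) > 2 and h[1:] == p[1:]
    return h == p

def diagnose(host, records, server_sans):
    """Report which server a name lands on and whether its certificate covers it."""
    ip = resolve(host, records)
    sans = server_sans.get(ip, [])
    return {"ip": ip, "cert_ok": any(name_matches(fqdn(host), s) for s in sans)}

if __name__ == "__main__":
    print({h: diagnose(h, parse_zone(ZONE), SERVER_SANS) for h in ("mail", "remote")})
```

With this sample data both `mail` and `remote` land on the hosting address, whose certificate covers neither name, so a browser would show a name-mismatch warning before serving the hosting site's content.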

 