configure https in multiple domain

%3CLINGO-SUB%20id%3D%22lingo-sub-2659857%22%20slang%3D%22en-US%22%3Econfigure%20https%20in%20multiple%20domain%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2659857%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EHi%20all%2C%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ethe%20right%20description%20of%20my%20situation%20si%3A%3C%2FP%3E%3CP%3E%3CBR%20%2F%3E%3CSPAN%3Ei%20have%20two%20domains%2C%20in%20the%20first%20one%20i%20have%20the%20database%2C%20the%20site%20system%2C%20distribution%20point%2C%20management%20point%2C%20software%20update%20point%20and%20so%20on.%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3EIn%20the%20other%20domain%20that%20is%20in%20DMZ%2C%20i%20have%20installed%20this%20role%3A%20site%20system%2C%20management%20point%2C%20distribution%20point%2C%20component%20server.%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3EAll%20works%20fine%20in%20http%20configuration%2C%20now%20for%20enhance%20the%20security%20we%20have%20to%20switch%20the%20communication%20in%20HTTPS.%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3EIn%20the%20first%20domain%20we%20have%20a%20PKI%20that%20actually%20is%20not%20used%20by%20SCCM%20and%20Clients.%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3EThe%20sysadmin%20has%20just%20installed%20a%20PKI%20in%20DMZ%2C%20so%20we%20can%20use%20the%20automatic%20enroll%20of%20the%20certificate.%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3EI%20read%20a%20lot%20of%20page%20about%20this%20argument%20but%20I%20have%20a%20big%20doubt%2C%20I%20ave%20to%20export%20the%20web%20server%20certificate%20to%20the%20server%20in%20DMZ%20or%20i%20can%20generate%20the%20certificate%20for%20the%20web%20server%20in%20DMZ%20without%20problem%3F%3C%2FSPAN%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CSPAN%3EMy%20step%20for%20gain%20HTTPS%20communication%20is%3A%3C%2FSPAN%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CSPAN%3EGenerate%20the%20client%20certificate%20with%20autoenroll%20for%20every%20domain.%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3EGenerate%20web%20server%20certificate%20for%20the%20primary%20domain%20and%20switch%20the%20communication%20from%20HTTP%20to%20HTTPS.%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3EGenerate%20web%20server%20certificate%20for%20the%20other%20domain%20and%20switch%20the%20communication%20from%20HTTP%20to%20HTTPS.%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3EIs%20that%20right%20or%20I'm%20missing%20something%20%3F%3C%2FSPAN%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CSPAN%3EBest%20Regards%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3EMassimo%20Riboli%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBest%20Regards%26nbsp%3B%3C%2FP%3E%3CP%3EMassimo%20Riboli%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

Hi all,

 

the right description of my situation si:


i have two domains, in the first one i have the database, the site system, distribution point, management point, software update point and so on.
In the other domain that is in DMZ, i have installed this role: site system, management point, distribution point, component server.
All works fine in http configuration, now for enhance the security we have to switch the communication in HTTPS.
In the first domain we have a PKI that actually is not used by SCCM and Clients.
The sysadmin has just installed a PKI in DMZ, so we can use the automatic enroll of the certificate.
I read a lot of page about this argument but I have a big doubt, I ave to export the web server certificate to the server in DMZ or i can generate the certificate for the web server in DMZ without problem?

My step for gain HTTPS communication is:

Generate the client certificate with autoenroll for every domain.
Generate web server certificate for the primary domain and switch the communication from HTTP to HTTPS.
Generate web server certificate for the other domain and switch the communication from HTTP to HTTPS.
Is that right or I'm missing something ?

Best Regards
Massimo Riboli

 

Best Regards 

Massimo Riboli

0 Replies