
Friday, July 6, 2012

Intranet Security Certificates

Intranet Security Certificates - Stuck in a Server Closet
If you have ever tried to set up a local intranet site, you have probably come across a certificate error at least once. Many tools these days are used entirely through a web browser, which makes it easy to connect to and work with the software behind the site. However, security in these environments is just as essential as it is for sites reachable from the public Internet.

Tools like PRTG Network Monitor and Spiceworks are the kind of thing you will want to access securely inside your LAN.

To get that security you switch to HTTPS (HTTP over SSL/TLS). This, however, can bring some problems, especially the inability to make a direct shortcut to the website (pinning the site in Windows 7, for instance). The reason this happens is safety: how is the web browser to know that the site or server you are connecting to really belongs to this intranet? The answer lies in the security certificate and the Fully Qualified Domain Name (FQDN): the browser only trusts the connection when the name in the address bar matches a name the certificate was issued for.

Sites and servers with a web interface do not, by default, register their FQDN with your DNS host.

To do this, and to remove the restrictions imposed by browsers like IE9 while keeping security intact, follow these instructions.


  1. Make sure the site or server has a registered host name
  2. Add the host name to your DNS server's forward lookup zone
  3. Navigate to the website again using the fully qualified domain name instead of an IP address or bare hostname (ex. Spiceworks.testcompany.com)
  4. Re-pin or re-create the shortcut to the HTTPS website
After following these steps you will no longer be prompted to close the webpage when you access it. FQDN rules also apply when accessing sites and servers from the Internet through firewalls over HTTPS; in most cases you will need to change the A record at your domain host to point to the correct IP/port.
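The name check the browser performs in step 3, as an added Python example (not code from the original post): it compares the host typed into the address bar with the names in a certificate's Subject Alternative Name entries the way a browser does, so you can see why an IP address or a bare hostname fails while the FQDN passes. The certificate names and addresses below are constructed for the example.

```python
import ipaddress

# Constructed SAN entries of an intranet certificate issued for the FQDN
# (and, as a second case, a wildcard for the whole intranet domain).
INTRANET_CERT_SAN = [
    ("DNS", "spiceworks.testcompany.com"),
    ("DNS", "*.testcompany.com"),
]


def match_dns_name(pattern: str, hostname: str) -> bool:
    """Match one certificate dNSName against a hostname, case-insensitively.

    A wildcard is only honoured when it is the entire left-most label
    (so '*.testcompany.com' matches 'prtg.testcompany.com' but never
    'a.b.testcompany.com' or the bare domain), which is how browsers treat it.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def cert_matches(cert_names, requested: str) -> bool:
    """Return True if what the user typed matches some SAN entry of the cert.

    cert_names: list of (kind, value) with kind 'DNS' or 'IP'.
    An IP address in the address bar is only accepted against an IP SAN entry,
    so a certificate issued for the FQDN can never satisfy https://192.0.2.10/.
    """
    try:
        requested_ip = ipaddress.ip_address(requested)
    except ValueError:
        requested_ip = None
    for kind, value in cert_names:
        if kind == "DNS" and requested_ip is None and match_dns_name(value, requested):
            return True
        if kind == "IP" and requested_ip is not None:
            if ipaddress.ip_address(value) == requested_ip:
                return True
    return False


if __name__ == "__main__":
    for typed in ("192.0.2.10", "spiceworks", "spiceworks.testcompany.com"):
        verdict = "trusted" if cert_matches(INTRANET_CERT_SAN, typed) else "certificate error"
        print(f"https://{typed}/ -> {verdict}")
```

Only the FQDN (and, through the wildcard entry, other hosts in the same domain) passes; an IP address or a short hostname is exactly what produces the browser's certificate warning.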

Edit (7/6/12): I should also add that in some cases doing the above will still not allow pinning of websites; at that point the issue lies with the publisher of the certificate (the browser does not trust its issuer). To resolve this you will need to purchase a verified certificate from a company like VeriSign and have it installed on the server. I will continue to look for other workarounds and will post them as they are found (and link to them in this article).
