/build/static/layout/Breadcrumb_cap_w.png

is it possible to make tickets and SSO work when the domain in the certificate signing request is different from the webserver name of the K1 appliance?

Hello my people.


I have an issue with the k1 I need help with.

In summary...... let say for example my k1 is named......  "myk1.company.com".

Our ADDS domain is "company.com".

Everything was working fine. Tickets were ok..... (ticket notification emails were ok with URLs to the

tickets showing "myk1.company.com/userui/ticket?ID=153258") 

SSO was also enabled and working fine. K1 was joined to company.com.  

Now the issue started when management wanted to enable SSL for external clients

over the internet. Also they wanted the clients to login with Support.help.com.

(This is more user-friendly to our poor clients......).

So in the SSL certificate for I created a cert signing request using Support.help.com.

We've purchased a third-party cert for Support.help.com , the certificate has been

uploaded to the k1 and SSL enabled.

Now comes the issue,  Ticket links within emails no longer work. The url...myk1.company.com/userui/ticket?ID=153258

will no longer work. I assume because the link is generated from the k1 webserver name which is  "myk1.company.com",

while SSL is waiting for "Support.help.com/userui/ticket?ID=153258". So certificate errors are being thrown about.

SSO is also not working anymore. Using the new Support.help.com requests a login from users.

While using the old myk1.company.com logs in  automatically with SSO but also throws a certificate error.

So the question is...  is it possible to make tickets and SSO work when the domain in the certificate signing

request is different from the webserver name of the K1 appliance.




0 Comments   [ + ] Show comments

Answers (1)

Posted by: KevinG 3 years ago
Red Belt
0

If I understand correctly the reported issue, you may be able to solve this in DNS.
DNS
 has CNAME records (a.k.a. aliases) which is a name pointing to another name. The translation from name to name to IP all happens in the background and your browser only cares about the initial name. 
The certificate name must match what the user entered in the browser.

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ