Security Server - we purchased a cert, view.victorschools.org, from GoDaddy. External DNS entry for view.victorschools.org points towards 209.68.96.26
Broker - we have an internal Windows CA setup and issued a cert with a name of broker.vcs.local and a Subject Alternative Name (SAN) of view.victorschools.org. Internal DNS entry for broker.vcs.local and view.victorschools.org points toward 10.121.125.107
How are split DNS and certs handled correctly? I want to point clients towards view.victorschools.org whether they are internal/external or district owned/personal and have it just work. I could have them turn off certificate verification in the client, but this is one more thing a person would have to do. I am not even sure if cert checking is something that can be turned off on the iPad client.
The latest version of the View Client v2.0 for iPad now has the option to turn off certificate validation.
As for the original question, I'm not sure I can help with that.
Thanks for the reply. While turning off cert validation will work, I would really like to make this work without having to do this.
You need to add a SAN for your connection server(s) into the view.victorschools.org cert, as View will only use one certificate, the one with the "vdm" friendly name. To do this you will need to purchase a UCC or multi-use certificate. The other issue you will have though, if you have two connection servers, one paired with the security server and another accepting internal traffic, is that your internal split DNS will be pointing to the external and therefore routing all internal requests for view.victorschools.org to your external. The only way I've found around this is to add host file entries on the Security Server and paired Connection Server for the external IP for the external DNS. Hope that makes sense.
Phil
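An added example, not part of the thread: a Python check of which hostnames each server's certificate covers, so a split-DNS name mismatch shows up before clients are pointed at a server. The two certificate dicts are constructed from the names given in the question (in the shape `ssl.SSLSocket.getpeercert()` returns), and the function names are hypothetical.

```python
import socket
import ssl

# Constructed sample data built from the names in the question above.
SECURITY_SERVER = {"subjectAltName": (("DNS", "view.victorschools.org"),)}
BROKER = {"subjectAltName": (("DNS", "broker.vcs.local"),
                             ("DNS", "view.victorschools.org"))}

def san_dns_names(cert):
    """DNS entries of the Subject Alternative Name extension."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def label_match(pattern, hostname):
    """Exact match, or a '*' standing for the whole leftmost label only."""
    p = pattern.lower().split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse wildcards directly under a top-level label ("*.org").
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def covers(cert, hostname):
    """True if any SAN DNS entry matches the name a client connects to."""
    return any(label_match(n, hostname) for n in san_dns_names(cert))

def audit(endpoints, client_names):
    """Map (endpoint, name) -> covered, for every name clients may use."""
    return {(ep, name): covers(cert, name)
            for ep, cert in endpoints.items() for name in client_names}

def fetch_cert(host, port=443, cafile=None):
    """Fetch a live certificate; pass the internal CA root as cafile
    when the server's cert was issued by the internal Windows CA."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False  # chain is still verified; covers() judges names
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

if __name__ == "__main__":
    names = ["view.victorschools.org", "broker.vcs.local"]
    report = audit({"security": SECURITY_SERVER, "broker": BROKER}, names)
    for (ep, name), ok in sorted(report.items()):
        print(f"{ep:9} {name:24} {'covered' if ok else 'NOT covered'}")
```

`fetch_cert` only validates the chain against the trust store it is given, so a device that lacks the internal CA root will still reject the broker's certificate even when the name is covered.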
