We have:
The problem crops up on two fronts:
Can I just resolve this by changing a DNS entry and have view.victorschools.org point towards 10.121.125.110 which is the internal IP address of the security server? Of course this will make any student with a personal device point towards our security server whether at home or at school. I know we want internal devices to point towards the broker and external clients to point towards the security server. Here is a discussion of the same thing I am experiencing minus the SSL cert issue.
http://communities.vmware.com/thread/431399
I know that windows CA can generate certs with Subject Alternative Names (SAN). Can we generate a cert from our Window CA for broker.vcs.local and view.victorschools.org and install it on the broker server to solve this?
Change the SSL on broker to a SAN certificate.
If you route everything through the Security server, you are creating a single-point of failure, not to mention a network bottleneck.
Would it be possible to add another zone on the internal dns with the name view.victorschools.org and point that to your internal connection broker?
Then you also need the certificate with the san as you wrote.
// Linjo
Change the SSL on broker to a SAN certificate.
If you route everything through the Security server, you are creating a single-point of failure, not to mention a network bottleneck.
I generated another cert for my broker server specifying both broker.vcs.local and view.victorschools.org. Imported into the Broker cert store, restarted services and that did the trick. Thanks for the help