Category Archives: Web Tools & Testing

Use a Go Daddy SSL cert with DYNDNS site

How To:

  • Let’s say you like keeping as much money as possible and only spending what is necessary.
  • Let’s also say you like the idea of using an industry standard certificate that often has its Root and Intermediate certificates prepopulated in cell phones.

What Why Where?

  • Why DYNDNS?  …typically due to the business using a dynamic IP address
  • they hold the DNS name servers for their entire namespace which is how your DNS records can get instantly updated across the globe when your IP addy changes
  • …and you can have your ‘real’ domain name also registered and managed there using this same ‘instant-change’ DNS methodology
  • The cert offered by DYNDNS is overpriced at $99/yr.  Their other services are extremely price friendly so maybe this isn’t such a big deal.  …but then again it’s money you can keep
  • Go Daddy often has a Google Search keyword “security certificate” $12.99 SSL cert special.  This is the same cert they (Go Daddy) normally charge $45 for.  You can purchase from 1-5 years.

Hypothetical Site

  • your site:  rubberduckies.dyndns.com

your DYNDNS WHOIS information

  • it won’t be able to be seen by Go Daddy in order to send you the verification email
  • Why?  WHOIS queries only happen at the root domain level ….& the root domain DYNDNS.com isn’t owned by you
  • The Administrative Contact for that WHOIS query is hostmaster@dyndns.com which BTW isn’t you
  • http://whois.dyndns.com

DYNDNS Custom DNS

  • Let’s imaging you also paid for a real domain name “rubberduckies4vr.com” with DYNDNS and associate it with your rubberduckies.dyndns.com zone
  • It will have the same WHOIS information as above …and the same failed results for a SSL cert issuance validation step
  • you can set up your SSL cert with either domain name – that won’t be covered in this post …assuming you understand and would most benefit of using the rubberduckies4vr.com name

SSL certificate issuance steps

  • First step –generate a CSR (certificate signing request) – at your IIS server
  • Buy a cert – you are really buying a credit which later can get ‘managed’ into a real certificate – at GoDaddy
  • Manage the Certificate that is listed under your Go Daddy “My Products”
  • Use the cert credit – involves entering the CSR by cut-n-paste from the text file on your PC to the Go Daddy GUI
  • Cert goes to a state of ‘pending’
  • Go Daddy sends a validation email to the Administrator Contact which requires reception and a reply to prove you actually are authorized from the domain – …but that isn’t you (see WHOIS above) and you don’t get that email

When that fails (see above reason if you have forgotten) you **can** request that Go Daddy send you a 7 digit code to create a TXT record for validation

  • adding a DNS record into your domain proves you to be an authoritative person for the domain
  • Go Daddy must be called before they email you this
  • create the TXT record per their instructions
  • you manage your DNS records at DYNDNS (required when using a dynamic IP/DNS account) and that is where this TXT record gets entered

With that TXT alternate validation method in place you return to the Go Daddy certificate management portal and click the link for “What’s holding this up?”

  • you will see a window with a link to click to have Go Daddy use the TXT validation

Return to the cert portal and see if the cert has cleared all hurdles and is “issued”

If it isn’t you may have to wait for Go Daddy to manually review your site and request

  • I phoned and politely requested that it be moved to the top of the list – and so it went upwards to the top
  • took about an hour and your mileage may vary since there are a lot of unknown factors to a manual process …but it will get completed!

Download the certificate

A five year Go Daddy SSL cert just cost you $65.  Of course you could have spent $495 with DYNDNS.  Please send your grateful donation to me at your discretion. ;-D

Advertisements

SBS 2008 – More Virtual Labs …via TechNet

click picture to arrive at the below location and begin the free preconfigured and real running server labs

 

image

‘AddThis’ button for organic web content sharing

Bookmark and Share

image

I discovered the above button and pop out social sharing menu at the bottom of every blog post of a colleague of mine has on Blogger and thought ‘what a great idea!’.  So I’ve now figured out how to add one manually to a post.  Its a trick of copying the HTML code into the Source view and then go back to the edit view to finish the blog writing.  Next step is to encourage the Live Writer developers to generate a plug-in to add this to every post auto-magically.  This is how I discovered its use and would very much like to imitate this smart idea.

Thanks goes to SBS guru Sean Daniel who I now aggregate on the right column.

Create DNS Service Location (SRV) records for the Exchange Autodiscover service

In earlier blog posts I’ve discussed other DNS records such as the TXT SPF record.  This is a new but very important record that you will want in place for your domain.

Here’s a list of great resources that describe this in detail and include guidance to manually create and publish the record to whomever is hosting your DNS records for the domain.

  • Sean Daniels very good explanation with examples

    Both of those will fail in the default SBS case as the info is actually at https://remote.contoso.com/autodiscover. With Outlook 2007 SP1 and above, outlook adds a third check. It checks a SRV record, or service. When you run the Internet Address Management wizard with a partner, this SRV record is automatically set. It looks like:

    _autodiscover._tcp IN SRV 0 0 443 remote.contoso.com

  • This blog post goes into what the syntax means piece by piece …a tech deep dive meant to tie in their chat client software to Google Apps.  They do have a tester there too.  Realize that in the GoDaddy record wizard that for SBS you enter @ for the Name field which represents your domain name.
  • Susan Bradley post on the same including a Go Daddy creation guide
  • Microsoft KB 940881- A new feature is available that enables Outlook 2007 to use DNS Service Location (SRV) records to locate the Exchange Autodiscover service
  • Test your record here – https://www.testexchangeconnectivity.com/
  • double-check to ensure that it was correctly published by those hosting your domain’s DNS records – my fav http://www.intodns.com (but I don’t see SRV record reported) – tech sent me to http://network-tools.com but none of the tests there seemed to fit
  • An MX checker web-based tool

    On a recent blog post I had listed a couple of handy free admin tools in the vein of DNSstuff aka DNSreport.  Here is another great freebie for checking some basic MX stuff.  Find out if your mail server is a relay, if you have a reverse record, if you are on a blacklist, how fast the respond time is, and some other very useful information.   Plus you can’t beat the FREE cost.

    http://www.mxtoolbox.com

    The earlier post is here:  https://duitwithsbs.wordpress.com/2008/06/04/some-handy-web-tools-for-the-admin/