Discussion in 'Mac OS X Server, Xserve, and Networking' started by skerfoot, Feb 10, 2012.

  1. skerfoot macrumors member

    Feb 28, 2010
    I'm slowly working through all the ways to screw up a server.

    After struggling with internet connections to my home Lion server, I decided to do what I should have done to begin with and purchase a proper domain name and a security certificate (BTW, if you are going to change your domain name, do yourself a favour and reinstall Lion server and start fresh). I bought a domain name and security certificate from Network Solutions and DynDNS is tracking my dynamic IP.

    For a reason I don't understand, Network Solutions insisted that the domain name on my CSR be "", not "". This is causing some problems now that I'm trying to set up iCal accounts. When I'm at home, trying to set up a "" account results in complaints that the domain name isn't an exact match. I can tell it to permanently trust the certificate, of course. Using "" instead doesn't seem to result in a proper connection at all.

    From the internet (away from home), "" seems to work perfectly with no complaints at all.

    Some of the computers stay at home, but the MacBook Pros and iPhones travel.

    Is there something that I should have done differently when setting up the security certificate and, more importantly, is there something that I'm going to regret not fixing now if I go on to set up everything?

  2. ninjadex macrumors 6502

    Jun 1, 2004
    Look into a wildcard certificate. They're generally more expensive, but will be valid for all subdomains on your server, including ""
  3. asmiller macrumors newbie

    Nov 5, 2004
    Network Solutions is part of the problem

    I have a bunch of domains registered at and there is no extra cost for "*". In fact you can specify sub-domains to point to different IP addresses, all from a pretty easy to use control panel. I don't work for Register or have any other connection to them, other than being a fairly happy customer.

    It should also be noted that they will negotiate renewal prices substantially down from their normal $35/yr. I mention what GoDaddy is doing when I renew and they get down to or very close to GoDaddy prices, $10-$12 a year.
  4. jtara macrumors 65816

    Mar 23, 2009
    Two different things. Domain registration != certificate.

    There is no such thing as a "wildcard" domain registration. Or, to put it another way, ALL domain registrations are "wildcard" registrations. You can create hosts or subdomains underneath your domain name, on your DNS server. And THAT has nothing to do with registration either, other than the fact that most registrars provide you with free DNS service, which you can use if you wish or else handle DNS elsewhere. So, USUALLY you create hosts/subdomains at your registrar, but not always.

    What the OP is talking about is a security certificate for SSL. A wildcard certificate will work for all hosts and subdomains in a domain. A regular certificate is only for a specific host. There is no reason a regular certificate can't be issued for

    Some issuers will now issue a certificate that works with and (NOT a wildcard, just these two) at no extra cost.
  5. rwwest7 macrumors regular

    Sep 24, 2011
    If your certificate is for then just rename your Lion server to www. "" is the domain and "www" is the computer name. Like others have said, a wildcard cert will let you create as many virtual hosts on your server as you want. But a standard cert MUST be tied to the one computer name (not domain name) you are buying it for. If your lion server is named bob then you would've needed a cert for

    You should also be able to "re-key" your cert by generating a new CSR. Just decide on a hostname for your server and then re-key under the new address.
  6. felixlvh macrumors newbie

    Feb 12, 2012
    I have created. But when I enter on browser,
    it goes to the other page instead of can you help?
  7. rwwest7 macrumors regular

    Sep 24, 2011
    is a domain and not a host. is a host. You should not be creating a site that is just "". What is the hostname of your server? Or what is the virtual hostname of your site? Put that before to visit your site.
  8. Apple OC macrumors 68040

    Oct 14, 2010
    and are the same thing ... a place you can buy domains and buy hosting
  9. asmiller, Feb 12, 2012
    Last edited: Feb 13, 2012

    asmiller macrumors newbie

    Nov 5, 2004
    re: "What the OP is talking about is a security certificate for SSL," you're absolutely right, jtara. I misunderstood what the question was. Feeling like Emily Litella here. Nevermind.
  10. belvdr macrumors 603

    Aug 15, 2005
    No longer logging into MR
    I think you took rwwest7's post a bit too literally. He was using as an example.
  11. burne101 macrumors newbie

    Jan 19, 2010
    Wrong. A wildcard-cert is valid for anything with two dots in it: would be valid, but has a single dot and won't match * The technical story is more complex than that, but, this will do as an explanation.

    Some suppliers do give you a multiple hostname cert, which includes and, and these are even cheaper than wildcards and some vendors include them for free.
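
Added example (not part of any post in this thread): a simplified sketch of the name check a TLS client applies, showing which hosts a single-name, a wildcard, and a two-name certificate cover. `example.com`, the function names, and the certificate labels are placeholders chosen for illustration; the matcher follows the RFC 6125 rule that a wildcard stands in for exactly one leftmost label.

```python
# Added illustration: simplified certificate-name matching, not a full TLS validator.
# All hostnames are constructed placeholders under example.com.

def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one DNS name from a certificate covers the hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        # A wildcard never absorbs extra labels and never matches zero labels,
        # so "*.example.com" cannot cover "example.com" or "a.b.example.com".
        return False
    if p[0] == "*":
        # Wildcard must be the whole leftmost label. Requiring two fixed labels
        # after it (rejecting "*.com") is a conservative policy assumed here.
        return len(p) >= 3 and p[1:] == h[1:]
    # Any other use of "*" (e.g. "w*.example.com") is rejected outright.
    return "*" not in pattern and p == h


def cert_covers(cert_names, hostname: str) -> bool:
    """A certificate is acceptable if any of its names matches."""
    return any(name_matches(n, hostname) for n in cert_names)


# Constructed certificates, one per option discussed in the thread.
CERTS = {
    "single-name (www only)": ["www.example.com"],
    "wildcard only": ["*.example.com"],
    "two-name (apex + www)": ["example.com", "www.example.com"],
    "wildcard + apex": ["*.example.com", "example.com"],
}
HOSTS = ["example.com", "www.example.com", "mail.example.com", "a.b.example.com"]


def coverage_table():
    """Map each certificate label to {hostname: covered?}."""
    return {label: {h: cert_covers(names, h) for h in HOSTS}
            for label, names in CERTS.items()}


if __name__ == "__main__":
    for label, row in coverage_table().items():
        print(label)
        for host, ok in row.items():
            print(f"  {host:18} {'match' if ok else 'MISMATCH'}")
```
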
  12. rwwest7 macrumors regular

    Sep 24, 2011
    Sorry, didn't realize was a real website. How bout this, is a host named www in the domain.
  13. jtara macrumors 65816

    Mar 23, 2009
    There's absolutely nothing wrong with having a host at, rather than It's strictly a matter of preference. There has been a slow drift from www to non-www since the inception of the web. is BOTH a domain AND a host. When it is a host, it is referred-to as the "default host" for the domain. It actually took a few years for people to wrap their heads around this.

    I prefer non-www. The "www" serves no useful purpose, IMO.

    No matter what you do, you should arrange that BOTH www and non-www work. (At least for non-secure sites.) You should redirect to your preference. That is, if you prefer non-www, then also create a DNS entry for www, but have your webserver redirect to non-www, so that the URL bar will read non-www. Or vice-versa. I prefer to use an "A" record for both, rather than a CNAME for one. Actually, you CAN'T CNAME your default host - it must always use an A record. You can CNAME www, but I prefer not to.

    Now, there IS a trend going the OTHER way: I believe that there is a drift toward for SSL. I think that banks, in particular, do this to help reinforce that you are connecting to their "secure site", since there's little visual distinction between "http" and "https", and nobody types-in the prefix any more, anyway.
  14. rwwest7 macrumors regular

    Sep 24, 2011
    I guess if you're just running one server then using is fine. But most companies have more than one web page and it's the proper way. Not to mention mail and other business services will the root domain for themselves.
  15. jtara macrumors 65816

    Mar 23, 2009
    There's nothing proper or improper with either approach.

    If you have multiple web sites or services, then it can make sense to use different hosts, like,,,, These might be different servers in different places, or might all be on the same physical server.

    Again, it's a matter of personal preference.
  16. belvdr, Feb 15, 2012
    Last edited: Feb 15, 2012

    belvdr macrumors 603

    Aug 15, 2005
    No longer logging into MR
    I would say it is a business requirement. For example, let's say the sites are all hosted on one machine. Atlanta can take an outage for a configuration change, but other sites can't for one reason or another. It would be best in this case to have them separate.

    Backing up the data could be a reason to go the other way and have it all on one host.

    I'd say personal preference would not even be considered in a business case.
  17. jtara macrumors 65816

    Mar 23, 2009
    I would include "business needs" in "personal preference". How you arrange DNS names doesn't impact your ability to partition or not partition the workload by using multiple physical boxes. Maybe it did 15 years ago, but not today.

    Google has thousands - probably hundreds of thousands of servers, globally distributed. They are all tied to a single domain name, (Yes, Google chooses to go with "www", and, yes, I know, an over-simplification, as they have country-specific sites as well.) has a more modest number of servers, but nevertheless still has multiple servers. They choose to drop the "www".

    It's up to you how you want it. The DNS address does not limit your technical options for partitioning workload. And your choices for partitioning workload do not impact the DNS addressing scheme you choose. (Except for very simplistic partitioning schemes, such as "www1, www2, etc.")

    Workload partitioning, redundancy, geographic distribution today are handled using a combination of technologies including DNS Anycast, round-robin DNS, proxy servers, etc. etc. etc.

    If you like "www" go with "www". If you don't, don't. Redirect from the one you don't like to the one you like.
  18. belvdr macrumors 603

    Aug 15, 2005
    No longer logging into MR
    Wow, never heard of that one. I prefer my database servers to be close to my office (personal preference), but business needs specify it must be at the client site. :)

    I wasn't applying any specifics about DNS configuration and operation to my statement.
