I don't know if this is the correct forum to ask; if someone thinks I should post in another forum, let me know.
I'm using Weblogic 10.3 and in the development environment I have configured the HTTPS with a certificate issued to the FQDN of the host in the internal network, that is, my certificate CN is hostname.organzation-name.local. For development purposes this is perfect and from the internal network we can use the website without problems.
Now I'll have to configure the HTTPS for the Production server that is accessed from the Internet. I think the network people have a NAT Firewall. I'm not sure what they're using, but I'm almost sure it is not an HTTP Web Server in front of the Application Server and the external users access the application with an external IP. If I ask for a certificate issued to the internal FQDN or internal IP and install it in Weblogic, the internal applications would be able to verify the identity of my server, but when a user connects using the web browser he/she will receive an error from the browser that the certificate does not match the address entered.
What should I do to prevent this? Should I request a certificate with alternate subjects and include the external IP as an alternate subject, or should I have different certificates? If I need to have different certificates, how would I configure this in Weblogic?
If the clients are external, what prevents your organization (org) from associating a domain name / CNAME to the IP in question? You can then create a self-signed certificate bound to that domain name.
The certificate will be invalid to begin with since it is self-signed. If it is not self-signed, no warning will be displayed.
[EDIT] You may also want to ask your org if the certificate will be installed on a web server / application server. That will give you an idea on which paths of the traffic are encrypted.
PS: I will move this to "general computing" for you
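As an added example (not part of the thread above), this Python sketch reproduces the name check a TLS client applies to a server certificate, so you can see which of the addresses clients type are covered by a CN-only certificate versus one with subject alternative names. The host names, the IP address and both certificate dicts are constructed sample data in the layout of `ssl.SSLSocket.getpeercert()`; `allow_cn_fallback` is a hypothetical switch modelling older clients that still consult the CN.

```python
import ipaddress

def _dns_match(pattern, host):
    """Case-insensitive label match; '*' is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def name_covered(cert, name, allow_cn_fallback=False):
    """True if `name` (what the client typed) matches `cert` (getpeercert() layout)."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(name)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal only matches an iPAddress SAN entry, never a DNS entry or the CN.
        return any(k == "IP Address" and ipaddress.ip_address(v) == ip for k, v in sans)
    dns = [v for k, v in sans if k == "DNS"]
    if dns:
        return any(_dns_match(d, name) for d in dns)
    if not allow_cn_fallback:  # current browsers ignore the CN entirely
        return False
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any(_dns_match(c, name) for c in cns)

def coverage(cert, names, **kw):
    """Map each client-facing name to whether the certificate covers it."""
    return {n: name_covered(cert, n, **kw) for n in names}

# Constructed sample data: internal FQDN, public DNS name, NAT'd public IP.
CLIENT_NAMES = ["app01.corp.local", "portal.example.com", "203.0.113.10"]
CN_ONLY = {"subject": ((("commonName", "app01.corp.local"),),)}
MULTI_SAN = {
    "subject": ((("commonName", "portal.example.com"),),),
    "subjectAltName": (("DNS", "app01.corp.local"), ("DNS", "portal.example.com"),
                       ("IP Address", "203.0.113.10")),
}

if __name__ == "__main__":
    print("CN only  :", coverage(CN_ONLY, CLIENT_NAMES, allow_cn_fallback=True))
    print("multi-SAN:", coverage(MULTI_SAN, CLIENT_NAMES))
```
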