Has anyone else set up a digital cert for this?
And would someone who unlike me is digital-cert-literate care to pitch in and comment, setting me straight?
When I ping wap-01 for example, it works fine and it lists the expected ipv4 address xx.yy.zz.251. However iOS Safari on my iPad whines at me when I attempt to browse to (simply) the address "
wap-01" or "
https://wap-01". I get this error message:
This connection is not private this website may be impersonating "wap-01" to steal your personal or financial information. You should go back to the previous page [Go Back].
Safari warns you when a website has a certificate that is not valid. To learn more you can [view the certificate]. If you understand the risks involved, you can [visit this website].
If I just follow the "visit this website" link then all is well. The full form of the domain name is
wap-01.myoffice.example.com (redacted) which is the target of CNAMEs and is the value returned by reverse domain lookup of
wap-01 and is shown as the full expansion in the list of ping-replies with returned ipv4 addresses. If I browse to the form https://
<full-form> then I get no problem at all.
I am wondering how to fix things so that every form works. Perhaps it’s just a bug in Safari?
—
If I use the form
http://<short-form> and let CNAMEs which I have set up do their thing, then all is well and it all works (and shows the padlock too). (I have changed the Safari settings, iirc, to auto-upgrade connections from http: to https: - I found something buried deep in settings somewhere.) So for example
http://wap1 or
http://wap01 or
http://wap-1 or
http://wap-01 all work, so I believe, if memory serves. The padlock shows in the address bar line, despite the fact that I did not specify https: myself, and the browser address line changes to show the
literal ipv4 address when I specify say
http://wap1.