Have both Hostname and FQDN in SSL Certificate on IIS

windows certificate https ssl iis

Solution 1:

A fundamental underlying principal of certificates is trust. Trust requires identifying the parties involved (server and/or client), by specifying a fully-qualified name. A single-label name does not fulfill the identity requirement, and therefore cannot be trusted. Certificate Authorities should not issue and applications should not trust single-label names.

You should not use single-label names to connect to services that use certificates, you should use the fully-qualified name that matches the certificate instead.

Solution 2:

Yes, is possible.

You need to create a certificate with two Subject Alternative Names (SAN) fields. One with "citrix" and the other with "citrix.contoso.com". I would keep the CN to citrix.contoso.com but have in mind that the CN field is ignored if your certificate has SAN fields. To create a certificate with SAN fields follow Microsoft instructions How to Request a Certificate With a Custom Subject Alternative Name

Related

Is there a GPO or registry tweak to show taskbar buttons on taskbar where windows is open?
How to change filename on the fly depending on the title args - nginx rewrite
RHEL 7.2: using realm to join AD domain
Php 7 opcache v php 5.6 xcache
How can I fix Samba 3.6.25 "the trust relationship between this workstation and the primary domain failed" error?
gitlab SSL configuration / certificate verification failed
SSH fallback to local account if Radius server isn't available
Get witness disk current vote via PowerShell
Samba TLS Setup
Forward traffic between VLANs with iptables
Passing Authorization Basic Headers Along in Proxy
Cloud Formation template add ingress rule to existing security group