Q: I have enabled redirect to hostname under general>http in the BSC but clients are still being redirected to an ip address. I am receiving a certificate name mismatch error in the browser.
A: Examples of the browser error:
Internet Explorer: "The security certificate presented by this website was issued for a different website's address".
Firefox: "192.168.130.1 uses an invalid security certificate. The certificate is only valid for: bsc1.bluesocket.com".
Safari: "This certificate is not valid (host name mismatch)".
Why is redirect to hostname not functioning and why am I receiving a certificate name mismatch error in the browser?
Redirect to hostname requires both an A record (forward) and PTR record (reverse) in your organizations DNS server for the BSC's Fully Qualified Domain Name (FQDN) and the protected interface IP address. The FQDN entered in your DNS server must match the common name (FQDN) you used when generating the CSR. Check to make sure you have BOTH these records in your organizations DNS server. If redirect to hostname is enabled and not functioning it is likely you are missing the PTR.
To test the PTR perform an nslookup from the command prompt of a client for the protected interface IP address. You should be returned the FQDN. Assuming the client is using the same DNS server configured on the protected interface of the BSC. For example C:\>nslookup 192.168.130.1 assuming 192.168.130.1 is the protected interface IP address. If not, add the PTR, test with nslookup to confirm, and then reboot the BSC. The BSC queries the PTR during boot and redirects users to what is returned going forward. The name in the url bar of the browser must match the common name (FQDN) you used when generating the CSR or you will receive a certificate name mismatch error in the browser.