Solved

Managing Exchange Certificates with Multiple Domains

Posted on 2007-11-14
Last Modified: 2012-08-14
Hi Guys,

I have another Exchange issue!

We have a customer with Exchange 07. The Exchange server currently manages two external domains, with plans for a third. Let's say they are 123.com and 321.com. The internal domain is 123.local.

We want users to use Outlook Anywhere from both inside and outside the office. I'm confused as to how to manage the certificates. We have configured the Outlook Anywhere settings to use the FQDN of 123.com, however when we connect internally it gives a certificate error and shows 123.local. Does this mean we need a certificate for 123.local? Is this possible?

If a user has an email address on 321.com, do they need to put the exchange name as 123.com? If we want to use 321.com, do we need a multidomain certificate? Is this possible?

Thanks in Advance
Question by:The_R0CK

Expert Comment

by:Sembee
ID: 20287844
Exchange 2007 generates its own certificate, using the server's local name. You need to replace that certificate with the certificate issued to the public name.

Simon.

Author Comment

by:The_R0CK
ID: 20304155
We have already replaced the certificate with a public certificate, however we still get a certificate error while working internally within the office.

Expert Comment

by:Sembee
ID: 20304248
Do you have your network configured to resolve the external name to the internal IP address? If not then you need to set that.
Have you also configured both internal and external URLs on the various folders to the external name? Again do that as that information is written elsewhere that the clients will use.

SSL certificate support on Exchange 2007 is a real pig to get right, because of the way that Microsoft have implemented it, plus changing it with SP1 for both Exchange and Outlook 2007. I have notes for a future article for my web site, but I am not writing anything on Exchange 2007 until SP1 is released (very soon now).

Simon.

Author Comment

by:The_R0CK
ID: 20326286
I have set the Outlook Anywhere address to mail.123.com in Exchange. I have configured split-DNS so that mail.123.com resolves to the internal Exchange IP.

Under this configuration OWA works fine inside and outside (no certificate errors).

Outlook Anywhere works fine outside (no certificate errors), however inside the office Outlook shows a certificate error stating that the server name does not match the certificate, saying the server name is mail.123.local (where the certificate is for mail.123.com). So I need somehow to get the server to offer mail.123.com when Outlook Anywhere is used inside the office??

Accepted Solution

by:
Sembee earned 300 total points
ID: 20327265
Very common problem.
The name that Outlook 2007 uses to connect to the server is stored in the domain. By default it will be the server's real name. You need to ensure that all URLs in Exchange, particularly around the web services, autodiscover, etc., are set to the external URL. I cannot be more specific than that at the moment as I am on site without Exchange 2007 and I have written the article on it myself yet. I usually use PowerGUI (http://www.powergui.org/) to work with the SSL certificates and URLs, it is easier than PowerShell itself.

Simon.
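
The check described in the accepted answer, written out for the Exchange 2007 Management Shell. This is an added example, not part of the original thread or Sembee's own procedure: it lists the internal URLs handed to Outlook 2007 and flags any whose host name is not on the IIS certificate. The server name `EXCH01` and the "Default Web Site" virtual directory identities are assumptions; `mail.123.com` is the public name from the question.

```powershell
# Run in the Exchange Management Shell on the Exchange 2007 server.
$server     = 'EXCH01'        # hypothetical server name (assumption)
$publicName = 'mail.123.com'  # name on the public certificate (from the thread)

# 1. Names covered by certificates enabled for IIS (exact names only;
#    wildcard entries are not expanded by this check).
$certNames = @(Get-ExchangeCertificate |
    Where-Object { $_.Services -match 'IIS' } |
    ForEach-Object { $_.CertificateDomains } |
    ForEach-Object { $_.ToString().ToLower() })

# 2. Internal URLs published to domain-joined Outlook 2007 clients.
$urls = @()
$urls += @((Get-ClientAccessServer -Identity $server).AutoDiscoverServiceInternalUri)
$urls += @(Get-WebServicesVirtualDirectory -Server $server | ForEach-Object { $_.InternalUrl })
$urls += @(Get-OabVirtualDirectory -Server $server | ForEach-Object { $_.InternalUrl })
$urls += @(Get-UMVirtualDirectory -Server $server | ForEach-Object { $_.InternalUrl })

# 3. Report every URL whose host is missing from the certificate.
foreach ($u in ($urls | Where-Object { $_ })) {
    $hostName = ([Uri]$u.ToString()).Host.ToLower()
    if ($certNames -contains $hostName) {
        Write-Host "OK        $u"
    } else {
        Write-Host "MISMATCH  $u  (host '$hostName' is not on the certificate)"
    }
}

# 4. Point the internal URLs at the public name. -WhatIf only previews the
#    change; remove it once the output looks right.
Set-ClientAccessServer -Identity $server -WhatIf `
    -AutoDiscoverServiceInternalUri "https://$publicName/autodiscover/autodiscover.xml"
Set-WebServicesVirtualDirectory -Identity "$server\EWS (Default Web Site)" -WhatIf `
    -InternalUrl "https://$publicName/ews/exchange.asmx"
Set-OabVirtualDirectory -Identity "$server\OAB (Default Web Site)" -WhatIf `
    -InternalUrl "https://$publicName/oab"
Set-UMVirtualDirectory -Identity "$server\UnifiedMessaging (Default Web Site)" -WhatIf `
    -InternalUrl "https://$publicName/unifiedmessaging/service.asmx"
```

A `MISMATCH` line on a `.local` host corresponds to the internal-only certificate warning described in the thread; the split-DNS record for the public name must already resolve to the internal IP before the URLs are changed.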

Expert Comment

by:Computer101
ID: 20558591
Forced accept.

Computer101
EE Admin