Solved

Managing Exchange Certificates with Multiple Domain's

Posted on 2007-11-14
7
1,218 Views
Last Modified: 2012-08-14
Hi Guys,

I have another Exchange issue!

We have a customer with Exchange 07. The Exchange server manages currently two external domains, with plans for a third. Lets say they are 123.com and 321.com. The internal domain is 123.local.

We want users to use Outlook Anywhere from both inside and outside the office, im a confused as to how to manage the certificates. We have configured the Outlook Anywhere settings to use the FQDN of 123.com, however when we connect internally it gives a certificate error and shows 123.local. Does this mean we need a certificate for 123.local? Is this possible?

If a user has an email address on 321.com, do they need to put the exchange name as 123.com? If we want to use 321.com, do we need a multidomain certificate? Is this possible?

Thanks in Advance
0
Comment
Question by:The_R0CK
  • 3
  • 2
7 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 20287844
Exchange 2007 generates its own certificate, using the server's local name. You need to replace that certificate with the certificate issued to the public name.

Simon.
0
 
LVL 3

Author Comment

by:The_R0CK
ID: 20304155
We have already replaced the certificate with a public certificate, however we still get a certificate error while working internally within the office.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20304248
Do you have your network configured to resolve the external name to the internal IP address? If not then you need to set that.
Have you also configured both internal and external URLs on the various folders to the external name? Again do that as that information is written elsewhere that the clients will use.

SSL certificate support on Exchange 2007 is a real pig to get right, because of the way that Microsoft have implemented, plus changing it with SP1 for both Exchange and Outlook 2007. I have notes for a future article for my web site, but I am not writing anything on Exchange 2007 until SP1 is released (very soon now).

Simon.
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 3

Author Comment

by:The_R0CK
ID: 20326286
I have set the Outlook anywhere address to mail.123.com in Exchange. I have configured split-DNS so that mail.123.com resolves to the internal Exchange IP.

Under this configuration OWA work fine inside and outside (no certificate errors).

Outlook anywhere works fine outside (no certificate errors) however inside the office Outlook shows a certificate error stating that the server name does not match the certificate, saying the server name is mail.123.local (where the certificate is for mail.123.com). So I need somehow to get the server to offer mail.123.com when Outlook anywhere is used inside the office??
0
 
LVL 104

Accepted Solution

by:
Sembee earned 300 total points
ID: 20327265
Very common problem.
The name that Outlook 2007 uses to connect to the server is stored in the domain. By default it will be the server's real name. You need to ensure that all URLs in Exchange, particularly around the web services, autodiscover etc are set to the external URL. I cannot be more specific than that at the moment as I am on site without Exchange 2007 and I have written the article on it myself yet. I usually use powergui (http://www.powergui.org/) to work with the SSL certificates and URLs, it is easier than Powershell itself.

Simon.
0
 
LVL 1

Expert Comment

by:Computer101
ID: 20558591
Forced accept.

Computer101
EE Admin
0

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Find out what you should include to make the best professional email signature for your organization.
PHP contact form that lets the user to contact the company through email contact form. A button is fixed at the bottom of site, on clicking a new window will open where a user can send the email.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now