Link to home
Start Free TrialLog in
Avatar of skagoogee
skagoogeeFlag for United States of America

asked on

Need Explanation with the SSL Certificates installed on Exchange 2007

We have just migrated to Exchange 2007.  I purchased a SSL Cert from Network solutions for mail.domain.org - and that is working great for OWA access.

Internally, things are not working quite as well.  #1 - I can't register our Spam filter (Ninja) because the domain is not verified.  I also get a pop up about our certificate when accessing Exchange via Outlook 2007.  This is because they are both looking for a certificate for servername.domain.org - not mail.domain.org.

So - can I create a certificate to use internally and resolve the problem?  Can IIS have multiple certificates per site?  Or, do I need to go back to Network Solutions and purchase a domain.org SSL Certificate that will cover all subdomains?

This is my first venture down the SSL road so don't assume the basics - and as always, thanks for the help!

 
ASKER CERTIFIED SOLUTION
Avatar of BBRazz
BBRazz
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of skagoogee

ASKER

Excellent - that is what i needed.

I spoke w/ Network Solutions and I could upgrade to a wildcard domain cert which I believe will do the trick and is comparable in price - plus we already have an account w/ them.

Then I could connect to *.domain.org - which would also do the trick - correct?  Or is there something special I am missing that Exchange requires.

I believe all I need is:

autodiscover.domain.org
servername.domain.org
mail.domain.org

Thanks again.
As long as your internal domain naming convention matches the FQDN above, that is fine.

If on the other hand, you use internal.domain.local internally, a Wildcard SSL will give you SSL errors from internal users if you have any. (OWA, OUTLOOK ANYWHERE ONLY)
Thanks - that makes total sense.

Yes - our domain name internally is the same as our domain externally - which introduced a whole set of other challenges as well as some benefits....but I won't go into all of that here.

BBRazz - you have been a great help.  I will think this through tonight and order my wildcard SSL tomorrow - providing I don't realize some reason not to....then I will close this question.
How are you going with this skagoogee?

Are we in a position to Accept the Answer?
Thanks again for all of your help - everything is working well.