Ran into an issue requesting a new UCC for a new Exchange 2007 box. Tried to request the UCC according to directions posted here:
Getting the UCC approved for "server", "owa.externaldomain.com", and "autodiscover.externaldoma
in.com" were easy enough. But I have been unable to get approval for "server.internaldomain.com
" because we don't own "www.internaldomain.com
This is problematic because when I enable the certificate for the IIS service, it becomes active for OWA (which I want) but then returns the following when configuring Outlook on an internal workstation:
Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the site's security certificate.
The security certificate is from a trusted certifying authority.
The security certificate date is valid.
The name on the security certificate is invalid or does not match the name of the site.
I called our certificate provider for advice, and the tech's suggestion was to change our entire internal domain name to something we could own. This seems rather extreme to have to rename our entire domain.
Is there a way to get "server.internaldomain.com
" onto our certificate? Alternately, is there a way to trick Outlook to look for just "server" on the certificate rather than "server.internaldomain.com
"? Or lastly, is there a way for the Exchange server to use the self-signed certificate for Outlook connections and the 3rd party certificate for all external connections (OWA, Activesync)?