Tercestisi asked:
Wildcard Cert from Godaddy for Exchange 2010 - Multiple Certs/Domains

We just obtained a wildcard cert from GoDaddy and successfully imported and assigned the iis and smtp services to the cert.

The cert is *.domain1.com and our internal domain where Exchange is hosted is *.domain.local.

Now OWA and ActiveSync work without displaying the invalid cert error, but internal Exchange users receive an invalid certificate error as it is using the GoDaddy certificate and therefore lists as exchange-server.domain1.com instead of exchange-server.domain.local.

How do I address this? I've used wildcard GoDaddy certs in the past successfully with Exchange 2007, so it should be possible without using a UCC cert.

I simply want to be able to use the GoDaddy cert for OWA and Activesync (and pop and imap would be nice too), and the self-signed cert that came with Exchange 2010 for internal Outlook clients on the domain. It seems that I can only assign IIS to one of the certs, as the thumbprints get overwritten, so I'm not sure what to do.
ASKER CERTIFIED SOLUTION
Shreedhar Ette
Wildcard certificates are not suitable for Exchange 2007 or 2010 and should not be used.
They are not the same as a SAN / UCC certificate and will only work if your internal and external domain names are exactly the same, which in your case is not applicable.
Sorry - but you either need to buy a SAN / UCC certificate or rebuild your domain.
Tercestisi

ASKER

shreedhar: Thanks, will take a look.

alanhardisty: The reason we use wildcard certs is so that we can direct different subdomains to our different servers on the network. I have used wildcard certs in the past on Exchange with no problem.
I understand the reasons why, but it won't work with a Wildcard unless your internal and external domains are the same name.
Exchange 2007 and 2010 require multi-name certificates to include the following names as a minimum:
mail.yourdomain.com
autodiscover.yourdomain.com
internalservername.internaldomain.local
internalservername
With a Wildcard certificate, you cannot specify both internal and external domain names and thus you will have problems.

shreedhar: Thanks, that link you posted will work; I believe that's what I used way back when (internal DNS resolving of domain1.com to domain.local and updating the Internal URL paths for Outlook to use the domain1.com path).
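The approach the asker settles on above (split DNS plus Internal URLs moved onto the public name that *.domain1.com covers), as an added Exchange Management Shell example written for this page, not taken from any poster or from a linked article. It assumes the CAS is named exchange-server, that the public name is exchange-server.domain1.com as given in the question, and that the internal DNS zone for domain1.com already resolves that name to the server's LAN address.

```powershell
# Added example (not from the original thread). Run from the Exchange Management
# Shell on the 2010 Client Access Server. Goal: domain-joined Outlook clients must
# stop being handed the .local name, which a *.domain1.com wildcard can never match.
$Server  = 'exchange-server'                 # assumed CAS name (from the question)
$PubHost = 'exchange-server.domain1.com'     # covered by the *.domain1.com cert

# 1. Check which certificate is bound to IIS; Subject should read CN=*.domain1.com.
Get-ExchangeCertificate | Where-Object { $_.Services -match 'IIS' } |
    Format-List Subject, Thumbprint, Services, NotAfter

# 2. Check split DNS: on the LAN the public name must resolve to the internal IP,
#    otherwise internal clients would loop out through the firewall.
nslookup $PubHost

# 3. Move every internal URL off the .local name. Domain-joined Outlook finds
#    Autodiscover through the SCP, so the ClientAccessServer URI matters most.
Set-ClientAccessServer -Identity $Server `
    -AutoDiscoverServiceInternalUri "https://$PubHost/Autodiscover/Autodiscover.xml"
Set-WebServicesVirtualDirectory -Identity "$Server\EWS (Default Web Site)" `
    -InternalUrl "https://$PubHost/EWS/Exchange.asmx"
Set-OABVirtualDirectory -Identity "$Server\OAB (Default Web Site)" `
    -InternalUrl "https://$PubHost/OAB"
Set-ActiveSyncVirtualDirectory -Identity "$Server\Microsoft-Server-ActiveSync (Default Web Site)" `
    -InternalUrl "https://$PubHost/Microsoft-Server-ActiveSync"
Set-OwaVirtualDirectory -Identity "$Server\owa (Default Web Site)" `
    -InternalUrl "https://$PubHost/owa"
Set-EcpVirtualDirectory -Identity "$Server\ecp (Default Web Site)" `
    -InternalUrl "https://$PubHost/ecp"

# 4. Only if Outlook Anywhere is used: a wildcard subject needs the msstd
#    principal name set explicitly, or Outlook rejects the cert as a name mismatch.
Set-OutlookProvider EXPR -CertPrincipalName 'msstd:*.domain1.com'

# 5. Verify that nothing still points at the .local name.
Get-ClientAccessServer $Server | Format-List AutoDiscoverServiceInternalUri
Get-WebServicesVirtualDirectory -Server $Server | Format-List InternalUrl, ExternalUrl
Get-OABVirtualDirectory -Server $Server | Format-List InternalUrl, ExternalUrl
Get-ActiveSyncVirtualDirectory -Server $Server | Format-List InternalUrl, ExternalUrl
```

Outlook picks up the new URLs on its next Autodiscover refresh; the Test E-mail AutoConfiguration dialog in Outlook (Ctrl+right-click the tray icon) shows which names it received.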