Wildcard Cert from Godaddy for Exchange 2010 - Multiple Certs/Domains

We just obtained a wildcard cert from GoDaddy and successfully imported it and assigned the IIS and SMTP services to the cert.

The cert is *.domain1.com and our internal domain where Exchange is hosted is *.domain.local.

Now OWA and ActiveSync work without displaying the invalid cert error, but internal Exchange users receive an invalid certificate error as it is using the GoDaddy certificate and therefore lists as exchange-server.domain1.com instead of exchange-server.domain.local.

How do I address this? I've used wildcard GoDaddy certs in the past successfully with Exchange 2007, so it should be possible without using a UCC cert.

I simply want to be able to use the GoDaddy cert for OWA and ActiveSync (and POP and IMAP would be nice too), and the self-signed cert that came with Exchange 2010 for internal Outlook clients on the domain. It seems that I can only assign IIS to one of the certs, as the thumbprints get overwritten, so I'm not sure what to do.
Tercestisi Asked:
Shreedhar Ette Commented:
Hi,

Refer to this article:
http://www.shudnow.net/2007/08/10/outlook-2007-certificate-error/

Hope this helps,
Shree
0

Alan Hardisty (Co-Owner) Commented:
Wildcard certificates are not suitable for Exchange 2007 or 2010 and should not be used.
They are not the same as a SAN / UCC certificate and will only work if your internal and external domain names are exactly the same, which in your case is not applicable.
Sorry - but you either need to buy a SAN / UCC certificate or rebuild your domain.
 
0
Tercestisi (Author) Commented:
shreedhar: Thanks, will take a look.

alanhardisty: The reason we use wildcard certs is so that we can direct different subdomains to our different servers on the network. I have used wildcard certs in the past on Exchange with no problem.
0
Alan Hardisty (Co-Owner) Commented:
I understand the reasons why, but it won't work with a Wildcard unless your internal and external domains are the same name.
Exchange 2007 and 2010 require multi-name certificates to include the following names as a minimum:
mail.yourdomain.com
autodiscover.yourdomain.com
internalservername.internaldomain.local
internalservername
With a Wildcard certificate, you cannot specify both internal and external domain names and thus you will have problems.
0
Tercestisi (Author) Commented:
shreedhar: Thanks, that link you posted will work; I believe that's what I used way back when (internal DNS resolving of domain1.com to domain.local and updating the Internal URL paths for Outlook to use the domain1.com path).
0
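The fix the thread settles on (split DNS for domain1.com internally, plus Exchange internal URLs that carry the name on the wildcard certificate), written out as an added Exchange Management Shell example; it is not from the thread or the linked article, and the server name EXCH01 and the host name mail.domain1.com are assumptions:

```powershell
# Added example, not from the thread or the linked article.
# Run in the Exchange Management Shell on the Exchange 2010 Client Access Server.
# Assumed names: server EXCH01, public host mail.domain1.com (covered by *.domain1.com).
# Prerequisite done outside Exchange: an internal DNS zone for domain1.com so that
# mail.domain1.com resolves to the CAS's internal address (split DNS).
$Server   = "EXCH01"
$HostName = "mail.domain1.com"
$Base     = "https://$HostName"

# Point every internal URL at the name that is actually on the certificate, so
# domain-joined Outlook stops seeing exchange-server.domain.local on a *.domain1.com cert.
Set-WebServicesVirtualDirectory -Identity "$Server\EWS (Default Web Site)" -InternalUrl "$Base/EWS/Exchange.asmx"
Set-OABVirtualDirectory        -Identity "$Server\OAB (Default Web Site)" -InternalUrl "$Base/OAB"
Set-OwaVirtualDirectory        -Identity "$Server\owa (Default Web Site)" -InternalUrl "$Base/owa"
Set-EcpVirtualDirectory        -Identity "$Server\ecp (Default Web Site)" -InternalUrl "$Base/ecp"
Set-ActiveSyncVirtualDirectory -Identity "$Server\Microsoft-Server-ActiveSync (Default Web Site)" -InternalUrl "$Base/Microsoft-Server-ActiveSync"

# Autodiscover: internal Outlook finds it through the SCP, so that URI must carry the cert's name too.
Set-ClientAccessServer -Identity $Server -AutodiscoverServiceInternalUri "$Base/Autodiscover/Autodiscover.xml"

# Outlook Anywhere with a wildcard: Outlook needs the certificate principal name stated explicitly.
Set-OutlookProvider EXPR -CertPrincipalName "msstd:*.domain1.com"

# Verify: every internal URL host must be a name the wildcard covers; any host that
# is not will keep producing the certificate name-mismatch warning in Outlook.
$urls = @(
    (Get-WebServicesVirtualDirectory -Server $Server).InternalUrl,
    (Get-OABVirtualDirectory        -Server $Server).InternalUrl,
    (Get-OwaVirtualDirectory        -Server $Server).InternalUrl,
    (Get-EcpVirtualDirectory        -Server $Server).InternalUrl,
    (Get-ActiveSyncVirtualDirectory -Server $Server).InternalUrl,
    (Get-ClientAccessServer -Identity $Server).AutodiscoverServiceInternalUri
)
foreach ($u in $urls) {
    $h = ([Uri]$u).Host
    if ($h -notlike "*.domain1.com") { Write-Warning "$u is not covered by *.domain1.com" }
    else { Write-Host "OK  $u" }
}
```

After the change, restart IIS (iisreset) and confirm with a domain-joined Outlook client; one wildcard certificate then serves OWA, ActiveSync and internal Outlook, so there is no need to juggle the self-signed certificate for IIS.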