Tercestisi
asked on
Wildcard Cert from Godaddy for Exchange 2010 - Multiple Certs/Domains
We just obtained a wildcard cert from GoDaddy and successfully imported and assigned the iis and smtp services to the cert.
The cert is *.domain1.com and our internal domain where Exchange is hosted is *.domain.local.
Now OWA and ActiveSync work without displaying the invalid cert error, but internal Exchange users receive an invalid certificate error as it is using the GoDaddy certificate and therefore lists as exchange-server.domain1.com instead of exchange-server.domain.local.
How do I address this? I've used wildcard GoDaddy certs in the past successfully with Exchange 2007, so it should be possible without using a UCC cert.
I simply want to be able to use the GoDaddy cert for OWA and Activesync (and pop and imap would be nice too), and the self-signed cert that came with Exchange 2010 for internal Outlook clients on the domain. It seems that I can only assign IIS to one of the certs, as the thumbprints get overwritten, so I'm not sure what to do.
ASKER
shreedhar: Thanks, will take a look.
alanhardisty: The reason we use wildcard certs is so that we can direct different subdomains to our different servers on the network. I have used wildcard certs in the past on Exchange with no problem.
I understand the reasons why, but it won't work with a Wildcard unless your internal and external domains are the same name.
Exchange 2007 and 2010 require multi-name certificates to include the following names as a minimum:
mail.yourdomain.com
autodiscover.yourdomain.com
internalservername.internaldomain.local
internalservername
With a Wildcard certificate, you cannot specify both internal and external domain names and thus you will have problems.
ASKER
shreedhar: Thanks, that link you posted will work; I believe that's what I used way back when (internal DNS resolving of domain1.com to domain.selc and updating the Internal URL paths for Outlook to use the domain1.com path).
They are not the same as a SAN / UCC certificate and will only work if your internal and external domain names are exactly the same, which in your case is not applicable.
Sorry - but you either need to buy a SAN / UCC certificate or rebuild your domain.
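Added example, not part of the original thread: a small name-coverage check that applies RFC 6125-style wildcard matching to the names discussed above, showing why `*.domain1.com` satisfies external clients but produces a mismatch for the internal names. The host names `mail.domain1.com` and `autodiscover.domain1.com` are assumptions built from the thread's placeholders.

```python
# Constructed host names, built from the placeholders used in the thread.
WILDCARD_CERT = ["*.domain1.com"]
REQUIRED = [
    "mail.domain1.com",              # external OWA / ActiveSync name (assumed)
    "autodiscover.domain1.com",      # external Autodiscover name (assumed)
    "exchange-server.domain.local",  # internal FQDN
    "exchange-server",               # internal short name
]


def _labels(name):
    return name.rstrip(".").lower().split(".")


def name_matches(cert_name, host):
    """RFC 6125-style comparison of one certificate name against one host."""
    c, h = _labels(cert_name), _labels(host)
    if len(c) != len(h) or "" in h:
        return False  # '*' never spans a dot and never matches the bare domain
    if c[0] == "*":
        # Wildcard must be the whole leftmost label, with two or more fixed labels after it.
        return len(c) >= 3 and "*" not in "".join(c[1:]) and c[1:] == h[1:]
    return "*" not in cert_name and c == h


def coverage(cert_names, hosts):
    """Map each host to the certificate name that covers it, or None."""
    return {
        host: next((n for n in cert_names if name_matches(n, host)), None)
        for host in hosts
    }


def uncovered(cert_names, hosts):
    """Hosts a client would flag with a name-mismatch warning."""
    return [h for h, n in coverage(cert_names, hosts).items() if n is None]


if __name__ == "__main__":
    for host, name in coverage(WILDCARD_CERT, REQUIRED).items():
        print(f"{host:32} {'covered by ' + name if name else 'NAME MISMATCH'}")
```

Passing the four required names themselves as the certificate names, as a SAN / UCC certificate would list them, leaves no host uncovered.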