Wildcard Cert from Godaddy for Exchange 2010 - Multiple Certs/Domains

We just obtained a wildcard cert from GoDaddy and successfully imported and assigned the iis and smtp services to the cert.

The cert is *.domain1.com and our internal domain where Exchange is hosted is *.domain.local.

Now OWA and ActiveSync work without displaying the invalid cert error, but internal Exchange users receive an invalid certificate error as it is using the GoDaddy certificate and therefore lists as exchange-server.domain1.com instead of exchange-server.domain.local.

How do I address this? I've used wildcard GoDaddy certs in the past successfully with Exchange 2007, so it should be  possible without using a UCC cert.

I simply want to be able to use the GoDaddy cert for OWA and Activesync (and pop and imap would be nice too), and the self-signed cert that came with Exchange 2010 for internal Outlook clients on the domain. It seems that I can only assign IIS to one of the certs, as the thumbprints get overwritten, so I'm not sure what to do.
TercestisiAsked:
Who is Participating?
 
Shreedhar EtteCommented:
Hi,

Refer this article:
http://www.shudnow.net/2007/08/10/outlook-2007-certificate-error/

Hope this helps,
Shree
0
 
Alan HardistyCo-OwnerCommented:
Wildcard certificates are not suitable for Exchange 2007 or 2010 and should not be used.
They are not the same as a SAN / UCC certificate and will only work if your internal and external domain names are exactly the same, which in your case is not applicable.
Sorry - but you either need to buy a SAN / UCC certificate or rebuild your domain.
 
0
 
TercestisiAuthor Commented:
shreedhar: Thanks, will take a look.

alanhardisty: The reason we use wildcard certs is so that we can direct different subdomains to our different servers on the network. I have used wildcard certs in the past on Exchange with no problem.
0
 
Alan HardistyCo-OwnerCommented:
I understand the reasons why, but it won't work with a Wildcard unless your internal and external domains are the same name.
Exchange 2007 and 2010 require multi-name certificates to include the following names as a minimum:
mail.yourdomain.com
autodiscover.yourdomain.com
internalservername.internaldomain.local
internalservername
With a Wildcard certificate, you cannot specify both internal and external domain names and thus you will have problems.
0
 
TercestisiAuthor Commented:
shreedhar: Thanks, that link you posted will work; I believe that's what I used way back when (internal DNS resolving of domain1.com to domain.selc and updating the Internal URL paths for outlook to use the domain1.com path.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.