betotucho
asked on
SAN/UCC names, cannot add the internal name
I was not able to add the internal name since the certificate comon name is mydomain.com, so to add the alternate name servername.mydomain.local was not possible on the same certificate.
OR is it possible?
Godaddy is the one issuing the UCC certificate.
For alternate names I have:mail and autodiscovery so I end up with mail.mydomain.com and autodiscovery.mydomain.com
I did created a primary zone on my internal DNS with mydomain.com and added the record for autodiscovery and mail.
What is your opinion?
OR is it possible?
Godaddy is the one issuing the UCC certificate.
For alternate names I have:mail and autodiscovery so I end up with mail.mydomain.com and autodiscovery.mydomain.com
I did created a primary zone on my internal DNS with mydomain.com and added the record for autodiscovery and mail.
What is your opinion?
why are you creating an internal domain of mydomain.com in your DNS?
ASKER
Thank for your comments.
DeMAzter:
Who is your certificate provider, Goddaddy did not let add mydomain.local at all.
I need the internal when users with laptops that not belong to the domain, but the yet the users have an Outllook account want to connect using RPC.
If you see the related question, I had the issue where If the internal servername is not part of the certificate you WILL receive a certificate error in outlook using the default configuration.
So, if I have autodiscovery and mail records on a mydomain.com DNS, and the user is using RPC, they do not get errors.
DeMAzter:
Who is your certificate provider, Goddaddy did not let add mydomain.local at all.
I need the internal when users with laptops that not belong to the domain, but the yet the users have an Outllook account want to connect using RPC.
If you see the related question, I had the issue where If the internal servername is not part of the certificate you WILL receive a certificate error in outlook using the default configuration.
So, if I have autodiscovery and mail records on a mydomain.com DNS, and the user is using RPC, they do not get errors.
GoDaddy should allow you to do this, as most will.
How are you requesting the certificate?
There is no need to change the default configuration of Exchange or DNS to make this work properly.
How are you requesting the certificate?
There is no need to change the default configuration of Exchange or DNS to make this work properly.
ASKER
I requested a 2048 certificate with common name mydomain.com
On Goddady, I requested a UCC certificate, I entered the thumbprint text of the certificate, then below the request it said alternate names for which I choose
mail, and autodiscovery.
I cannot enter servername.mydomain.local
On Goddady, I requested a UCC certificate, I entered the thumbprint text of the certificate, then below the request it said alternate names for which I choose
mail, and autodiscovery.
I cannot enter servername.mydomain.local
You need to add these in to the CSR request, which version of Exchange are you using?
You might want to take a look at my blog here with regards to a utility that can generate the correct request for you: http://demazter.wordpress.com/2010/06/15/exchange-2007-ssl-certificates/
You might want to take a look at my blog here with regards to a utility that can generate the correct request for you: http://demazter.wordpress.com/2010/06/15/exchange-2007-ssl-certificates/
ASKER
SBS2003, XCH2003
Thank you, but as I stated, you cannot add the servername.mydomain.local to a common name mydomain.com
Not on Goddady at least.
I will let you know how it turns out.
Thank you, but as I stated, you cannot add the servername.mydomain.local to a common name mydomain.com
Not on Goddady at least.
I will let you know how it turns out.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I did mamage to rekey the certificate request and add the Alternate Names.
For example my server has the following names in it's certificate:
DNS Name=owa.domain1.co.uk
DNS Name=owa.domain2.co.uk
DNS Name=owa.domain3.com
DNS Name=owa.domain4.co.uk
DNS Name=autodiscover.domain1.
DNS Name=autodiscover.domain3.
DNS Name=autodiscover.domain2.
DNS Name=autodiscover.domain4.
DNS Name=servername.internaldo