Solved

SAN/UCC names, cannot add the internal name

Posted on 2010-09-15
Last Modified: 2013-11-30
I was not able to add the internal name since the certificate common name is mydomain.com, so adding the alternate name servername.mydomain.local was not possible on the same certificate.
Or is it possible?
GoDaddy is the one issuing the UCC certificate.
For alternate names I have mail and autodiscovery, so I end up with mail.mydomain.com and autodiscovery.mydomain.com.

I did create a primary zone on my internal DNS with mydomain.com and added the records for autodiscovery and mail.
What is your opinion?
0
Question by:betotucho
9 Comments
 
LVL 74

Expert Comment

by:Glen Knight
ID: 33682125
It is possible.

For example, my server has the following names in its certificate:
DNS Name=owa.domain1.co.uk
DNS Name=owa.domain2.co.uk
DNS Name=owa.domain3.com
DNS Name=owa.domain4.co.uk
DNS Name=autodiscover.domain1.co.uk
DNS Name=autodiscover.domain3.com
DNS Name=autodiscover.domain2.co.uk
DNS Name=autodiscover.domain4.co.uk
DNS Name=servername.internaldomain.local


0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 33682129
Why are you creating an internal domain of mydomain.com in your DNS?
0
 

Author Comment

by:betotucho
ID: 33682598
Thanks for your comments.
DeMAzter:

Who is your certificate provider? GoDaddy did not let me add mydomain.local at all.

I need the internal name for when users with laptops that do not belong to the domain, yet have an Outlook account, want to connect using RPC.
If you see the related question, I had the issue where if the internal servername is not part of the certificate you WILL receive a certificate error in Outlook using the default configuration.
So, if I have autodiscovery and mail records on a mydomain.com DNS, and the user is using RPC, they do not get errors.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 33682651
GoDaddy should allow you to do this, as most will.

How are you requesting the certificate?

There is no need to change the default configuration of Exchange or DNS to make this work properly.
0

 

Author Comment

by:betotucho
ID: 33682801
I requested a 2048 certificate with common name mydomain.com.
On GoDaddy, I requested a UCC certificate and entered the thumbprint text of the certificate; then below the request it said alternate names, for which I chose mail and autodiscovery.
I cannot enter servername.mydomain.local
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 33682918
You need to add these into the CSR request. Which version of Exchange are you using?

You might want to take a look at my blog here with regards to a utility that can generate the correct request for you: http://demazter.wordpress.com/2010/06/15/exchange-2007-ssl-certificates/
0
 

Author Comment

by:betotucho
ID: 33683049
SBS2003, XCH2003
Thank you, but as I stated, you cannot add the servername.mydomain.local to a common name mydomain.com.
Not on GoDaddy at least.
I will let you know how it turns out.
0
 
LVL 74

Accepted Solution

by:
Glen Knight earned 500 total points
ID: 33683158
I am not sure I understand your last statement.  If you are using a SAN/UCC certificate you can add whatever domains you like as long as you own them.

For Exchange 2003 you don't need a SAN/UCC certificate.  All you need is the external URL you will use.
0
 

Author Comment

by:betotucho
ID: 33684294
I did manage to rekey the certificate request and add the Alternate Names.
0
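
Added example, not part of the original thread or any poster's code: a small Python check of the name mismatch discussed above, listing which host names clients connect to are not covered by the DNS names on a certificate. The name lists are constructed from the thread's placeholder names, and the wildcard rule (one whole left-most label only) goes beyond the thread's case and reflects common TLS client matching behaviour.

```python
"""Added example: which client-facing host names does a certificate cover?"""


def _labels(name):
    # DNS names compare case-insensitively; drop a trailing root dot.
    return name.strip().rstrip(".").lower().split(".")


def name_matches(cert_name, host):
    """True if one certificate DNS name (optionally '*.' wildcard) covers host."""
    p, h = _labels(cert_name), _labels(host)
    if len(p) != len(h):
        return False  # a wildcard stands for exactly one label
    if p[0] == "*":
        # Only the whole left-most label may be a wildcard, and at least
        # two fixed labels must follow it (so '*.com' never matches).
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def uncovered(cert_names, client_names):
    """Return the client-facing names that no certificate name covers."""
    return [c for c in client_names
            if not any(name_matches(n, c) for n in cert_names)]


# Constructed sample data built from the placeholder names used in the thread.
CERT_WITHOUT_INTERNAL = ["mydomain.com", "mail.mydomain.com",
                         "autodiscovery.mydomain.com"]
CERT_WITH_INTERNAL = CERT_WITHOUT_INTERNAL + ["servername.mydomain.local"]
# Names clients use: the external records plus the internal server name.
CLIENT_NAMES = ["mail.mydomain.com", "autodiscovery.mydomain.com",
                "servername.mydomain.local"]

if __name__ == "__main__":
    for label, names in (("without internal name", CERT_WITHOUT_INTERNAL),
                         ("with internal name", CERT_WITH_INTERNAL)):
        missing = uncovered(names, CLIENT_NAMES)
        print(label, "->", ", ".join(missing) if missing else "all names covered")
```

A name reported as missing is one for which a client connecting by that name would see a certificate name mismatch; a wildcard on the public domain would not cover the `.local` name either.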
