Solved

SSL Cert for .local domain inside and .com outside

Posted on 2010-09-21
3
822 Views
Last Modified: 2012-06-22
I have a SBS2003 server running Exchange 2003, I need to get Droids and iPhones to connect to Activesync, and of course need a 3rd party Cert.

Here’s my problem.
My internal network is: mynetwork.local
Our email domain is: myWebDomain.com
A SSL Cert for myWebDomain.com won’t recognize a .local domain name which is where the Exchange mail server lives
I know I need a mutli domain SSL Certificate and can get it from GoDaddy cheaply but how do I generate the right CSR?
Do I generate the correct CSR in IIS
      From the Default Website
      Echange
      ExAdmin
      Microsoft-Server-ActiveSync

Do I need a second CSR for mynetwork.local or do I just include mynetwork.local in the SSL request as one of the domains?
What do I do about webmail.myWebDomain.com which points to Outlook Web Access.

I have the same problem with SBS2008 and Exchange 2007 which an entirely different beast. For that I have to do it from Command Line
0
Comment
Question by:ics-pc
3 Comments
 
LVL 16

Expert Comment

by:uescomp
ID: 33729384
I use this online tool to generate certificate requests:

https://www.digicert.com/easy-csr/exchange2007.htm

It says its for Exchange 2007 but I believe it will work for 2003 as well.
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 33730200
the public cert CSR , you can do it from IIS.

you can use a free public CA (startssl.com) it works as same as godaddy, but free!!

the internal cert, you can generate it from a local CA by request a new cert using computer account  certificate MMC console.
0
 

Accepted Solution

by:
ics-pc earned 0 total points
ID: 33929568
Created the CSR normally and added both the .local and .com to it.
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question