Exchange 2010 SAN Cert and Autodiscover

SSR-IS
Hey Guys!

I've set up our new Exchange 2010 Server and everything is running fine. We've purchased a certificate from GlobalSign which has all the necessary entries for our external access methods (OWA, ActiveSync, Outlook Anywhere). All these services are running fine without any cert errors.
But when I connect an internal Outlook client to our Exchange, I get a certificate warning. That's because the Exchange shows up with its internal name and internal domain.
Do I have to extend our cert with the internal domain (which will cost another 130$) or is there any other way to get rid of this cert issue with our internal clients?

Thanks!
Steffen
Awarded 2009
Top Expert 2010

Commented:
You should have the following names:

Autodiscover.domainname.com (where domainname.com is the part after the @ in your email address)
Owa.domainname.com (the URL used for Outlook Web App)
Servername.domainname.local (the internal fully qualified domain name of your server)

If you run the certificate wizard in Exchange it will create the certificate request for all of these.
 
If you are paying an extra $130 then you are paying too much! You may also find my article here and a 3rd party utility for managing SSL certificates useful: http://demazter.wordpress.com/2010/06/15/exchange-2007-ssl-certificates/

It's designed for Exchange 2007 but works equally well for 2010.
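As an added example (not part of the original thread or any poster's code): a small Python check of whether every name clients connect to is covered by the certificate's DNS SAN entries, using the placeholder names from the answer above. The certificate dicts are constructed samples in the shape returned by `ssl.SSLSocket.getpeercert()`, and the function names are hypothetical.

```python
# Added example; all names and certificate data below are constructed samples.

def dns_sans(peercert):
    """Return lower-cased dNSName entries from a dict shaped like the
    output of ssl.SSLSocket.getpeercert()."""
    entries = peercert.get("subjectAltName", ())
    return [value.lower() for kind, value in entries if kind == "DNS"]


def name_matches(hostname, pattern):
    """Match one hostname against one SAN entry. A wildcard is honoured
    only as the whole left-most label and stands for exactly one label."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        # Reject overly broad patterns such as "*.com" and empty labels.
        return len(pat) > 2 and host[0] != "" and host[1:] == pat[1:]
    return host == pat


def uncovered(hostnames, peercert):
    """Return the hostnames that no SAN entry covers; each of these
    triggers a name-mismatch warning in the client."""
    sans = dns_sans(peercert)
    return [h for h in hostnames
            if not any(name_matches(h, s) for s in sans)]


# Names clients use, taken from the placeholder list in the answer above.
CLIENT_NAMES = [
    "autodiscover.domainname.com",
    "owa.domainname.com",
    "servername.domainname.local",
]

# Constructed certificate data: before and after the re-key.
CERT_BEFORE = {"subjectAltName": (
    ("DNS", "owa.domainname.com"),
    ("DNS", "autodiscover.domainname.com"),
)}
CERT_AFTER = {"subjectAltName": CERT_BEFORE["subjectAltName"] + (
    ("DNS", "servername.domainname.local"),
)}

if __name__ == "__main__":
    print("missing before re-key:", uncovered(CLIENT_NAMES, CERT_BEFORE))
    print("missing after re-key: ", uncovered(CLIENT_NAMES, CERT_AFTER))
```

A wildcard entry for the external domain would not cover the internal name either, since the match is per label and the domain suffix differs.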

Author

Commented:
Thanks for your reply!

The problem is that I already purchased a certificate from GlobalSign, it is just missing the servername.domainname.local entry. I think I have to buy the entry - which is handled as a second domain name by GlobalSign - to get rid of these cert warnings for our internal connections...

Commented:
You shouldn't need to buy a new certificate.
Exchange 2010 under default conditions requires a SAN/UCC certificate. Did you purchase a SAN/UCC certificate? If so then you can just re-key the certificate with the correct names.
Author

Commented:
Yes, I bought a SAN/UCC cert. I have to check this at the GlobalSign website, but as far as I understood the GlobalSign policy, I paid for my cert for use with only one domain. If I need another domain (my internal one) I have to upgrade my cert - and this will cost $130.
Commented:
A SAN/UCC certificate is a multi-domain certificate. They are designed for this purpose. If you have a SAN/UCC certificate there should be no reason to pay to upgrade it.

Author

Commented:
I was clicking around at the GlobalSign website the last few minutes, trying to add a SAN option for our internal domain. It seems I could manage to add it for free. I have to wait for the confirmation, but I'll let you know as soon as I hear something from them.

Thanks for now, you got me on the right path, I think!

Author

Commented:
Thanks Demazter! It worked perfectly and for free.
I especially want to thank you for your very quick responses!

Regards
Steffen

Author

Commented:
Very quick replies!
