Exchange 2007 SSL Problem with Domain Name
Posted on 2011-03-04
Hey everyone. Here is my situation. I have inherited supporting a network where they named the internal domain the name of aaa.com. I have an exchange 2007 server on this internal domain that I am trying to install an SSL cert on. The machine name is computer.aaa.com. Here is the problem. The brilliant minds that created this internal domain, named it a domain we do not own! Therefore, I can't get a cert validated and approved on aaa.com. We don't own it!!
The external domain name is something totally different yyy.com. We own that and I am able to get an SSL to secure those names. The problem is I am getting this error in my event log constantly.
Microsoft Exchange could not find a certificate that contains the domain name mail.yyy.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector SMTP with a FQDN parameter of mail.yyy.com. If the connector's FQDN is not specified, the computer's FQDN (computername.aaa.com) is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.
The problem is that my email is heading out the door with my internal computer domain name computername.aaa.com. That fails every time on Reverse DNS checks.
I can't get an SSL to match our internal domain name. I really, really, really can't rename the internal domain, so I have to find a way to make this work. Can anyone offer any suggestions that I can try?