Solved

Exchange certificate with an invalid internal domain

Posted on 2011-03-21
Last Modified: 2012-06-01
I just upgraded Exchange 2003 to 2010. I wanted to get a real certificate for this client. The problem is their internal domain is a valid Internet domain name ending in .com that is owned by someone else.

I can't use that domain name in a certificate.

I know I can get a certificate with just the external domain, but I want to eliminate the certificate error that pops up in Outlook on the internal network.

How can I get around this problem?
Question by:ajdratch
3 Comments
 
LVL 5

Expert Comment

by:wynandkunkel
ID: 35182560
I have not implemented it myself but can imagine the following:

- Install a CA on one of the DCs in the domain. (Backup of this machine becomes (EXTREMELY!!!!) important.)
- Issue a certificate (with the .com domain) on the internal CA.
- Publish/install that internal domain cert on the internal network to all machines using the GPO mechanism.

Assuming that the external domain cert has already been issued, this way the machines should trust the (internal) CA when on the LAN and also trust the (external) CA when roaming.

Best of luck!
0
 
LVL 7

Expert Comment

by:TheTull
ID: 35182653
If all you want to really accomplish is to eliminate the certificate error notification then your clients just need to trust the CA root certificate.  I see no reason why not to just use a self-signed certificate on the internal LAN, and then have your clients import the root certificate into the trusted root certificate authorities.  
0
 
LVL 1

Accepted Solution

by:
satshah earned 2000 total points
ID: 35182839
Create an internal certificate for your domain and modify the URL in the Exchange Management Shell.

http://support.microsoft.com/kb/940726

To resolve this issue, modify the URLs for the appropriate Exchange 2007 components. To do this, follow these steps:

1. Start the Exchange Management Shell.

2. Modify the Autodiscover URL in the Service Connection Point. The Service Connection Point is stored in the Active Directory directory service. To modify this URL, type the following command, and then press ENTER:

   Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceInternalUri https://mail.contoso.com/autodiscover/autodiscover.xml

3. Modify the InternalUrl attribute of the EWS. To do this, type the following command, and then press ENTER:

   Set-WebServicesVirtualDirectory -Identity "CAS_Server_Name\EWS (Default Web Site)" -InternalUrl https://mail.contoso.com/ews/exchange.asmx

4. Modify the InternalUrl attribute for Web-based Offline Address Book distribution. To do this, type the following command, and then press ENTER:

   Set-OABVirtualDirectory -Identity "CAS_Server_Name\oab (Default Web Site)" -InternalUrl https://mail.contoso.com/oab

5. Modify the InternalUrl attribute of the UM Web service. To do this, type the following command, and then press ENTER:

   Set-UMVirtualDirectory -Identity "CAS_Server_Name\unifiedmessaging (Default Web Site)" -InternalUrl https://mail.contoso.com/unifiedmessaging/service.asmx

   Note: This command is required only in an Exchange 2007 environment. This command no longer exists in an Exchange 2010 environment. Instead, the WebServices URL is used for this purpose.

6. Open IIS Manager.

7. Expand the local computer, and then expand Application Pools.

8. Right-click MSExchangeAutodiscoverAppPool, and then click Recycle.

0
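A read-only check to run after the procedure in the accepted answer, as an added example that is not part of the original post or the KB article: it lists the internal URLs those commands set and reports whether each host name appears on the certificate enabled for IIS. It assumes the Exchange Management Shell on Exchange 2010; the helper function and variable names are hypothetical.

```powershell
# Added example (not from the original post or KB 940726).
# Run in the Exchange Management Shell. Read-only: it changes no settings.

# Host names on the certificate(s) currently enabled for IIS.
$certNames = @(Get-ExchangeCertificate |
    Where-Object { $_.Services -match 'IIS' } |
    ForEach-Object { $_.CertificateDomains } |
    ForEach-Object { "$_".ToLower() } |
    Sort-Object -Unique)

# Hypothetical helper: is $HostName covered by an exact or wildcard name?
function Test-NameOnCertificate {
    param([string]$HostName, [string[]]$Names)
    $h = $HostName.ToLower()
    foreach ($n in $Names) {
        if (-not $n) { continue }
        if ($n -eq $h) { return $true }
        # A wildcard covers one left-most label:
        # *.contoso.com matches mail.contoso.com, not a.mail.contoso.com
        if ($n.StartsWith('*.') -and $h.IndexOf('.') -gt 0 -and
            $h.Substring($h.IndexOf('.')) -eq $n.Substring(1)) { return $true }
    }
    return $false
}

# Internal URLs set by the commands in the accepted answer.
# (Set-UMVirtualDirectory is left out: per the KB note it is Exchange 2007 only.)
$urls = @()
$urls += Get-ClientAccessServer |
    Select-Object @{n='Source';e={"Autodiscover SCP ($($_.Name))"}},
                  @{n='Url';e={$_.AutodiscoverServiceInternalUri}}
$urls += Get-WebServicesVirtualDirectory |
    Select-Object @{n='Source';e={"EWS ($($_.Server))"}},
                  @{n='Url';e={$_.InternalUrl}}
$urls += Get-OABVirtualDirectory |
    Select-Object @{n='Source';e={"OAB ($($_.Server))"}},
                  @{n='Url';e={$_.InternalUrl}}

# Report each URL and whether its host name is on the certificate.
$urls | Where-Object { $_.Url } | ForEach-Object {
    $hostName = ([uri]"$($_.Url)").Host
    New-Object PSObject -Property @{
        Source = $_.Source
        Url    = "$($_.Url)"
        OnCert = Test-NameOnCertificate -HostName $hostName -Names $certNames
    }
} | Format-Table Source, Url, OnCert -AutoSize
```

Any row with OnCert set to False is a URL that Outlook will reach under a name the certificate does not cover, which is the condition that produces the internal certificate warning.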

Question has a verified solution.
