Certificate error accessing OWA internally

Hi Experts
The certificate for my Outlook Web Access contains the server name mail.domain.co.uk.
For external users this works fine.
For internal users, they get a certificate error, which I expect, seeing as they use the server's hostname to connect instead of the external domain name.
Is there any way around this? Can I configure IE8/9 to ignore certificate errors for certain websites?
Using Exchange 2003.
Cheers
failedAsked:
Who is Participating?
 
DrDave242Connect With a Mentor Commented:
The only way around this without requesting (and paying for) a new cert is to finagle with your internal DNS.  Instead of just creating a record, though, you need to create a new forward lookup zone named mail.domain.co.uk.  Inside that zone, create a blank host record with the internal IP of the mail server.  Since it's in a new zone, your internal domain name won't get appended to it, and since the zone is named mail.domain.co.uk, you won't have to worry about your internal DNS server thinking it's authoritative for the whole domain.co.uk zone.  It's only slightly kludgy, and it won't cost you a penny.
0
 
DLeaverCommented:
You would need to implement a SAN certificate (Subject alternative name) that you can then include the alternative names (including the local FQDN and the NetBIOS name, that will stop this issue from occuring

You can get some very reasonably priced ones here

https://certificatesforexchange.com/
0
 
LeeDerbyshireCommented:
You could try creating an internal DNS record for mail.domain.co.uk (pointing to the internal IP address), so that your internal users can use the same name, but reach the same server.
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
failedAuthor Commented:
I tried creating an internal DNS record but it appends the record with my domain name, so it still doesn't match the certificate.

I was hoping not to spend any money on this one, so don't want to go for a SAN cert.

It's not a huge issue, as OWA isn't accessed often internally.

Any other ideas?
0
 
LeeDerbyshireCommented:
It sounds like you tried to create an A record for 'mail.domain.co.uk' inside your DNS lookup zone.  You just need to create a record for 'mail' and point it at your server's internal IP address.
0
 
failedAuthor Commented:
Perfect! Works like a charm.

Thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.