vmdude asked:

Autodiscover & certificate question Exchange 2010

Here is our proposed 2010 Exchange environment

2 AD sites, each with a mailbox server and an Internet-facing CAS/HT server at each site

Our internal domain is domain.local, although we will be using split DNS as we want to use a single URL for both internal and external clients for things like OWA etc.

When generating our SAN SSL certificate can I avoid putting our internal FQDN of our CAS servers on the certificate?

For example, our internal CAS servers are called CAS1.domain.local and CAS2.domain.local. I want to avoid putting these names on the external certificate.

How do we avoid Outlook 2007/2010 certificate errors without including our FQDN CAS server names?

suriyaehnop:

If you have many CAS servers, the best way is to create a CAS array. On the certificate, just put the CAS array name instead of the individual CAS server names.

vmdude:

My CAS array name will also be cas.domain.local though. I don't want to use any .local names on my SAN certificate and definitely don't want my CAS array name to be externally routable or put it on the certificate.
If you look at the link I posted:
"This one is important if you don't want to have any issues when you change the certificate, by default all Exchange Web Services will be using the local server FQDN and besides of being a best practice you can add a Public Certificate without changing any settings."
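
A read-only check related to the quoted point that Exchange services use the local server FQDN by default, added here as an example that is not part of the thread or of the linked article: it lists the URLs the CAS servers hand to clients and marks any host that is missing from the IIS certificate or ends in .local. It assumes the Exchange Management Shell on an Exchange 2010 server; `Test-NameOnCert` is a hypothetical helper name.

```powershell
# Added example: read-only audit for the Exchange Management Shell (Exchange 2010).
# Assumption: the certificate of interest is the one enabled for IIS on this server.

function Test-NameOnCert([string]$HostName, [string[]]$CertNames) {
    foreach ($n in $CertNames) {
        if ($n -eq $HostName) { return $true }          # -eq ignores case
        # A wildcard entry covers exactly one left-most label.
        $dot = $HostName.IndexOf('.')
        if ($n.StartsWith('*.') -and $dot -gt 0 -and
            $HostName.Substring($dot) -eq $n.Substring(1)) { return $true }
    }
    return $false
}

# 1. Every URL that Autodiscover and the CAS virtual directories hand to clients.
$urls = @()
Get-ClientAccessServer | ForEach-Object {
    $urls += New-Object PSObject -Property @{ Server = $_.Name
        Setting = 'AutoDiscoverServiceInternalUri'; Url = $_.AutoDiscoverServiceInternalUri }
}
$vdirCmdlets = 'Get-WebServicesVirtualDirectory', 'Get-OabVirtualDirectory',
               'Get-OwaVirtualDirectory', 'Get-EcpVirtualDirectory',
               'Get-ActiveSyncVirtualDirectory'
foreach ($cmd in $vdirCmdlets) {
    foreach ($vdir in (& $cmd)) {
        foreach ($prop in 'InternalUrl', 'ExternalUrl') {
            $urls += New-Object PSObject -Property @{ Server = $vdir.Server
                Setting = "$cmd $prop"; Url = $vdir.$prop }
        }
    }
}

# 2. Names on the certificate bound to IIS.
$cert  = Get-ExchangeCertificate | Where-Object { "$($_.Services)" -match 'IIS' } |
         Select-Object -First 1
$names = @($cert.CertificateDomains | ForEach-Object { "$_" })

# 3. Flag hosts missing from the certificate or using the internal-only suffix.
$urls | Where-Object { $_.Url } | ForEach-Object {
    $h = ([uri]"$($_.Url)").Host
    New-Object PSObject -Property @{ Server = "$($_.Server)"; Setting = $_.Setting
        Host = $h; OnCertificate = (Test-NameOnCert $h $names)
        DotLocal = ($h -like '*.local') }
} | Sort-Object Server, Setting |
    Format-Table Server, Setting, Host, OnCertificate, DotLocal -AutoSize
```

Rows where `OnCertificate` is False are the host names a client would connect to without finding a matching name on the certificate.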

vmdude:

OK, thank you. However, I was under the impression that certificate authorities were going to stop issuing certificates with .local names on in the future? Surely the only way around this isn't just to change the internal domain name to one you own. That would be a huge headache :(

Simon Butler (Sembee):

This solution is only available to members.