Michael

asked on

Exchange 2010 UCC Certs

I am trying to get a UCC Cert from Go-Daddy for our Exchange 2010 Server. Just finding out that I may have an issue, though. I have used for our internal network a domain that will not be supported soon. It is DOMAIN.LOCAL. So yes, I could get a 2 year UCC cert and worry about it in November of 2015, or try to figure out how to fix this now and do it right. What are my options on fixing this and getting it to work the right way?
Simon Butler (Sembee)

You can fix it now.
Just use a split DNS system to allow the external name to resolve internally. That is how I am doing it for all deployments I am involved with.

You will just need to change the URLs in Exchange.

As per this page, but minus the autodiscover SRV record at the start
http://exchange.sembee.info/2010/install/singlenamessl.asp

Simon.
Michael

ASKER

I am not picking up something here. This does not talk about if your AD is a .local, so how would this work in my case?
ASKER CERTIFIED SOLUTION
Akhater

Intra-AD communication isn't covered by the SSL cert. It's all about client connectivity (Outlook, OWA, ActiveStynk, etc.). Those can all be DNS-driven, even if the domain uses a different TLD. It's also possible to add an alternate domain for UPN to get everything to match.
The only thing the SSL certificate protects is web services, which is covered by URLs in Exchange. These URLs are published to the domain via autodiscover. Therefore you can use any URL that you like, as long as it resolves.

The .local is fine for the RPC CAS Array as that doesn't have to be in the SSL certificate, nor should it resolve externally.

Simon.
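
The URL change described in the answers above, as an added example for the Exchange Management Shell (not code from this thread or from the linked page). `mail.example.com` and `EXCH01` are assumed placeholder names, and split DNS is assumed to already resolve the public name internally; the final check lists any client-facing URL that still uses a `.local` host and would therefore not match the certificate.

```powershell
# Added example. Placeholders below are assumptions, not values from the thread.
$PublicName = 'mail.example.com'   # name carried on the UCC certificate
$Server     = 'EXCH01'             # Client Access server to reconfigure

# Collect every client-facing URL Exchange publishes for this server.
function Get-PublishedUrl {
    $vdirs  = @(Get-WebServicesVirtualDirectory -Server $Server)
    $vdirs += @(Get-OabVirtualDirectory        -Server $Server)
    $vdirs += @(Get-OwaVirtualDirectory        -Server $Server)
    $vdirs += @(Get-EcpVirtualDirectory        -Server $Server)
    $vdirs += @(Get-ActiveSyncVirtualDirectory -Server $Server)

    $urls = @((Get-ClientAccessServer -Identity $Server).AutoDiscoverServiceInternalUri)
    foreach ($v in $vdirs) { $urls += $v.InternalUrl; $urls += $v.ExternalUrl }

    # Drop empty values and normalise to [uri] so the host can be inspected.
    $urls | Where-Object { $_ } | ForEach-Object { [uri]"$_" }
}

# Point the internal URLs at the public name instead of the .local name.
Set-ClientAccessServer -Identity $Server `
    -AutoDiscoverServiceInternalUri "https://$PublicName/Autodiscover/Autodiscover.xml"
Get-WebServicesVirtualDirectory -Server $Server |
    Set-WebServicesVirtualDirectory -InternalUrl "https://$PublicName/EWS/Exchange.asmx"
Get-OabVirtualDirectory -Server $Server |
    Set-OabVirtualDirectory -InternalUrl "https://$PublicName/OAB"
Get-OwaVirtualDirectory -Server $Server |
    Set-OwaVirtualDirectory -InternalUrl "https://$PublicName/owa"
Get-EcpVirtualDirectory -Server $Server |
    Set-EcpVirtualDirectory -InternalUrl "https://$PublicName/ecp"
Get-ActiveSyncVirtualDirectory -Server $Server |
    Set-ActiveSyncVirtualDirectory -InternalUrl "https://$PublicName/Microsoft-Server-ActiveSync"

# Verify: anything listed here still points clients at a .local host.
Get-PublishedUrl |
    Where-Object { $_.Host -like '*.local' } |
    Select-Object Host, AbsoluteUri
```

An empty result from the last command means no published web-service URL depends on the `.local` name; the RPC CAS Array name is not included in this check.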