Link to home
Start Free TrialLog in
Avatar of Jason B
Jason BFlag for United States of America

asked on

SSL Certificate can only have FQDN SAN

Hello, I recently had to renew my UCC SSL with GoDaddy. I renewed for three years but upon creating the certificate the GoDaddy website wouldn't let me add any of my Exchange servers to it (host1.domain.local & host2.domain.local). COme to find out after talking to their support, starting in 2015 no one is allowed to include non FQDNs in their SSL certificates. This presented a problem upon installing the new SSL w/o the Exchange servers on it for Outlook clients. We started to see certificate warning error pop-ups. I reversed what I did by buying a two year with what I need on the certificate based on how my environment is configured which included the host.domain.local names.
I'm having some trouble trying to figure out how to reconfigure my Exchange environment to get Outlook/RPC to use instead. I figure I'll have to make new CAS arrays using .com instead of .local and then point the databases at the new CAS arrays. From there client requests hit my KEMP LM2200's which then forward them on to the configured active "Real Server". I feel that this won't be enough as I know that even though Outlook using RPC sees my CAS arrays as the Server Name the Real Server is still a host.domain.local and furthermore I don't have my CAS Array names on my certificates so that's not what Outlook is ultimately complaining about.
Sorry if this is confusing, I'm so thrown off by this SSL change. Good thing is I have two years to figure it out! Unfortunately, I won't rest until I do get this resolved. Thank you in advance for any assistance.
Avatar of Simon Butler (Sembee)
Simon Butler (Sembee)
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Jason B


I just wanted to follow up to explain what my specific issue was.
After digging into my Client Access URLs (Thanks Sembee2) I found that when setting up my CAS Arrays in the past I overlooked setting the Internal URL on one of my Exchange servers to my outside URL. Once I fixed that doing a Test Email Auto-Configuration revealed that all URLs are now rather than host.doamin.local.