Jason B

SSL Certificate can only have FQDN SAN

Hello, I recently had to renew my UCC SSL with GoDaddy. I renewed for three years but upon creating the certificate the GoDaddy website wouldn't let me add any of my Exchange servers to it (host1.domain.local & host2.domain.local). Come to find out after talking to their support, starting in 2015 no one is allowed to include non-FQDNs in their SSL certificates. This presented a problem upon installing the new SSL w/o the Exchange servers on it for Outlook clients. We started to see certificate warning error pop-ups. I reversed what I did by buying a two year with what I need on the certificate based on how my environment is configured which included the host.domain.local names.
I'm having some trouble trying to figure out how to reconfigure my Exchange environment to get Outlook/RPC to use email.domain.com instead. I figure I'll have to make new CAS arrays using .com instead of .local and then point the databases at the new CAS arrays. From there client requests hit my KEMP LM2200's which then forward them on to the configured active "Real Server". I feel that this won't be enough as I know that even though Outlook using RPC sees my CAS arrays as the Server Name the Real Server is still a host.domain.local and furthermore I don't have my CAS Array names on my certificates so that's not what Outlook is ultimately complaining about.
Sorry if this is confusing, I'm so thrown off by this SSL change. Good thing is I have two years to figure it out! Unfortunately, I won't rest until I do get this resolved. Thank you in advance for any assistance.
Exchange, Outlook, SSL / HTTPS

Last Comment
Jason B

8/22/2022 - Mon
Simon Butler (Sembee)

Jason B

I just wanted to follow up to explain what my specific issue was.
After digging into my Client Access URLs (Thanks Sembee2) I found that when setting up my CAS Arrays in the past I overlooked setting the Internal URL on one of my Exchange servers to my outside URL. Once I fixed that, doing a Test Email Auto-Configuration revealed that all URLs are now email.domain.com rather than host.domain.local.
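
The follow-up above traces the certificate warnings to an Internal URL that still pointed at a .local host name. As an added example (not part of the original thread), this Exchange Management Shell script lists the host names each Client Access server hands out to clients and shows first any that are not on the certificate enabled for IIS. The set of virtual directories checked and the helper names `Test-NameOnCert` and `New-Row` are assumptions made for this example.

```powershell
# Added example; run in the Exchange Management Shell on a Client Access server.
# Names on the certificate(s) enabled for IIS on the local server.
$certNames = @(Get-ExchangeCertificate |
    Where-Object { "$($_.Services)" -match 'IIS' } |
    ForEach-Object { $_.CertificateDomains } |
    ForEach-Object { "$_".ToLower() } | Sort-Object -Unique)

# Hypothetical helper: exact match, or a wildcard covering exactly one label.
function Test-NameOnCert([string]$HostName) {
    $h = $HostName.ToLower()
    foreach ($n in $certNames) {
        if ($n -eq $h) { return $true }
        $dot = $h.IndexOf('.')
        if ($n.StartsWith('*.') -and $dot -gt 0 -and
            $h.Substring($dot) -eq $n.Substring(1)) { return $true }
    }
    return $false
}

# Hypothetical helper: one report row per configured value; unset values are skipped.
function New-Row($Server, $Setting, $Value) {
    if (-not $Value) { return }
    $text = "$Value"
    # URL settings carry a scheme; Outlook Anywhere stores a bare host name.
    $name = if ($text -match '://') { ([uri]$text).Host } else { $text }
    New-Object PSObject -Property @{
        Server = "$Server"; Setting = $Setting; HostName = $name
        OnCert = (Test-NameOnCert $name)
    }
}

$vdirCmdlets = 'Get-WebServicesVirtualDirectory', 'Get-OwaVirtualDirectory',
    'Get-EcpVirtualDirectory', 'Get-OabVirtualDirectory', 'Get-ActiveSyncVirtualDirectory'
$rows = @(
    Get-ClientAccessServer | ForEach-Object {
        New-Row $_.Name 'AutoDiscoverServiceInternalUri' $_.AutoDiscoverServiceInternalUri }
    foreach ($cmdlet in $vdirCmdlets) {
        foreach ($vdir in & $cmdlet) {
            foreach ($prop in 'InternalUrl', 'ExternalUrl') {
                New-Row $vdir.Server "$cmdlet $prop" $vdir.$prop
            }
        }
    }
    Get-OutlookAnywhere | ForEach-Object {
        New-Row $_.Server 'OutlookAnywhere ExternalHostname' $_.ExternalHostname }
)
# Rows with OnCert = False sort first: these are the names clients will be warned about.
$rows | Sort-Object OnCert, Server |
    Select-Object Server, Setting, HostName, OnCert | Format-Table -AutoSize
```

Any row showing OnCert as False is a URL to change to a name that is on the certificate, as the follow-up describes doing for the overlooked Internal URL.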