macxpres
asked on
Intranet ssl problem with exchange server (.local name and cert.)
Hey guys,
I have an Exchange server with name mail.server.local
Usually I add the name to the cert., so the local terminal users don't get a cert. warning.
But now after the Certificate Authorities Browser Forum have blacklisted intranet names, I don't know what to do.
I have the name mail.server.com and autodiscover.server.com in the cert. but the server is called mail.server.local when running autodiscover locally on the network or auto-setup on the local domain.
Any ideas?
ASKER
Beautiful guys, thanks so much.
So if I create another cert. using the Certificate Authority role with the .local domain and only assign it to IMAP, POP and SMTP it would work without the users getting an error when opening Outlook?
And I'll still have the IIS service attached to the correct cert. from DigiCert for example to autodiscover and OWA.
Yes, that is correct :-)
ASKER
Thanks so much guys, it's really appreciated :-)
Anytime! :-)
i.e.
if your cert is called
server.mypublicname.com
then create a DNS forward lookup zone called mypublicname.com
then create an A/Host record in it called server with the INTERNAL IP address of the server itself.
Then tell your users to go to https://server.mypublicname.com and it will work without error.
Yes I know it's a pain, yes I know your users will moan.
Gotcha: if you have www.mypublicname.com as your public website, don't forget to create a record called www that points to the PUBLIC IP address of the web server, or your internal hosts will no longer be able to access your public website.
Pete
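The split-DNS steps Pete describes, as an added PowerShell example that is not part of the original thread. It assumes a Windows DNS server with the DnsServer module and an AD-integrated zone; both IP addresses are constructed placeholders. Any other public name in the zone that internal clients use needs its own record in the same way as www.

```powershell
# Added example: run on the internal Windows DNS server.
# Zone and host names are from the post; IPs are constructed placeholders.
$Zone       = 'mypublicname.com'
$InternalIp = '10.0.0.10'     # assumed INTERNAL IP of the Exchange server
$PublicWww  = '203.0.113.10'  # assumed PUBLIC IP of the external web server

# 1. Internal forward lookup zone that shadows the public zone.
if (-not (Get-DnsServerZone -Name $Zone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $Zone -ReplicationScope Forest
}

# 2. 'server' resolves to the inside address; 'www' keeps the public one.
$Records = [ordered]@{ server = $InternalIp; www = $PublicWww }
foreach ($name in $Records.Keys) {
    $existing = Get-DnsServerResourceRecord -ZoneName $Zone -Name $name `
                    -RRType A -ErrorAction SilentlyContinue
    if (-not $existing) {
        Add-DnsServerResourceRecordA -ZoneName $Zone -Name $name `
            -IPv4Address $Records[$name]
    }
}

# 3. Confirm that the internal resolver now answers as intended.
foreach ($name in $Records.Keys) {
    $fqdn = "$name.$Zone"
    $got  = (Resolve-DnsName -Name $fqdn -Type A -Server localhost |
                Where-Object Type -eq 'A').IPAddress
    if ($got -contains $Records[$name]) {
        Write-Output "OK    $fqdn -> $($Records[$name])"
    } else {
        Write-Warning "$fqdn resolved to '$got', expected $($Records[$name])"
    }
}

# 4. Confirm the certificate on 443 validates for the public name.
#    AuthenticateAsClient throws on a name mismatch or untrusted chain.
$target = "server.$Zone"
$tcp = New-Object System.Net.Sockets.TcpClient($target, 443)
try {
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream())
    $ssl.AuthenticateAsClient($target)
    Write-Output "OK    certificate valid for $target ($($ssl.RemoteCertificate.Subject))"
} catch {
    Write-Warning "TLS validation failed for ${target}: $($_.Exception.Message)"
} finally {
    $tcp.Close()
}
```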