Intranet names not allowed as SAN in certificates anymore

Hi, I recently bumped into this problem whereby I tried to purchase a new multiple domain certificate for a client whose Exchange 2007 server is currently running with a single name cert (which is causing cert warning pop-ups for internal users). So I figured I'd purchase a 3 year multiple name cert and include the local name of the server, exchange07.domain.local, only now I find you are no longer allowed intranet names on a cert. So... how do I get around this issue, as we look after various SBS2008/11 and Exchange 07/10 boxes that will come a cropper when their cert expires.
RealtecComputing asked:

MAS (MVE), EE Solution Guide - Technical Dept Head, commented:
If you configure the same URL for the internal and external address of AutoDiscoverService, Offline Address Book distribution, WebServicesVirtualDirectory

Check the attached file for the commands to check the current status and the commands to configure the URLs.

Please try this first
autodiscover.txt
Cliff Galiher commented:
There is no need for the internal name on the certificate. With SBS, the setup wizards configure Exchange appropriately and create a split-DNS zone automatically so internal clients and external clients all use the same URL, which is not an intranet name.

If the wizards were skipped, or in non-SBS environments, you will want to replicate that environment using the same methods. Set up the various Exchange URLs to use an externally valid name and create a split DNS zone (if necessary for your topology) so the external name lookups return the internal IP address while on the LAN.

When properly configured, clients will not get an internal name and will not throw a certificate warning.
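
The check both answers above describe, as an added example that is not part of the original thread and not the contents of the attached autodiscover.txt: an Exchange Management Shell audit (Exchange 2007/2010) that lists the Autodiscover, Web Services and Offline Address Book URLs and flags any whose host name is an intranet name or is missing from the certificate. The names in `$CertNames`, the `Test-ExchangeUrl` helper and the `SERVER` placeholder are assumptions made for the example.

```powershell
# Added example: read-only audit, run in the Exchange Management Shell.
# Constructed placeholders: replace with the public names on your certificate.
$CertNames = @('mail.example.com', 'autodiscover.example.com')

# Hypothetical helper: classify one URL by its host name.
function Test-ExchangeUrl($Source, $Url) {
    if (-not $Url) { return }                      # URL not set, nothing to check
    $hostName = ([System.Uri]"$Url").Host.ToLower()
    if ($CertNames -contains $hostName) {
        $status = 'OK'
    } elseif ($hostName -notmatch '\.' -or $hostName -match '\.local$') {
        $status = 'INTERNAL NAME'                  # single-label or .local host
    } else {
        $status = 'NOT ON CERT'
    }
    "{0,-14} {1,-36} {2}" -f $status, $Source, $Url
}

# Autodiscover URI that domain-joined Outlook clients find in Active Directory
Get-ClientAccessServer | ForEach-Object {
    Test-ExchangeUrl "Autodiscover ($($_.Name))" $_.AutoDiscoverServiceInternalUri
}

# Exchange Web Services (availability, out-of-office)
Get-WebServicesVirtualDirectory | ForEach-Object {
    Test-ExchangeUrl "EWS internal ($($_.Server))" $_.InternalUrl
    Test-ExchangeUrl "EWS external ($($_.Server))" $_.ExternalUrl
}

# Offline Address Book distribution
Get-OabVirtualDirectory | ForEach-Object {
    Test-ExchangeUrl "OAB internal ($($_.Server))" $_.InternalUrl
    Test-ExchangeUrl "OAB external ($($_.Server))" $_.ExternalUrl
}

# To correct a flagged entry, point it at the public name (SERVER is a placeholder):
# Set-ClientAccessServer -Identity SERVER `
#     -AutoDiscoverServiceInternalUri https://mail.example.com/Autodiscover/Autodiscover.xml
# Set-WebServicesVirtualDirectory -Identity "SERVER\EWS (Default Web Site)" `
#     -InternalUrl https://mail.example.com/EWS/Exchange.asmx
# Set-OabVirtualDirectory -Identity "SERVER\OAB (Default Web Site)" `
#     -InternalUrl https://mail.example.com/OAB
```

Every line should read `OK` before the old certificate expires, and the split DNS zone must resolve the public name to the server's internal IP address for LAN clients.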
RealtecComputing (author) commented:
Thank you all for the replies, all good clear info, will accept all as solutions.
RealtecComputing (author) commented:
All good info answers.