[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 292
  • Last Modified:

Certificate issue in Exchange 2010

We have installed public SAN certificate in Exchange 2010 and everything works fine.

However, we encounter problem when users are connecting to the internal LAN, as the public server don't have the internal name for the Exchange servers. Actually, we have already generated a certificate with alterative name but it still doesn't work. Is it because the IIS service doesn't bind to the internal server ?

However, if we bind the IIS service to internal certificate, the external access would not work.

Any idea for the problem ?

Tks
EX01.png
0
AXISHK
Asked:
AXISHK
  • 5
  • 2
2 Solutions
 
Jaroslav MrazCTOCommented:
Hi,

simple generate the certificate with all of names you need in new exchange certification wizard.

in part of Certified Domains the last step. Add all of domains you wanted to have in certificate but YOU MUST USE FDQN server.domain.extention format.

http://exchangeserverpro.com/configure-an-ssl-certificate-for-exchange-server-2010/

Then save your request and submit it to AD Certificate authority from web server https://servername/certsrv  SUBMIT Certificate request

but download in BASE 64 it usually works better every other steps from https://servername/certsrv in manual down is same.

http://exchangeserverpro.com/how-to-issue-a-san-certificate-to-exchange-server-2010-from-a-private-certificate-authority/

or you can use commercial pays authority like godady
0
 
Simon Butler (Sembee)ConsultantCommented:
All you need to do is configure a split DNS so the external name resolves internally, then configure Exchange to use the external name internally.
http://semb.ee/hostnames

No need to generate new certificates if you already have a trusted certificate, as that just increases headaches and unless you control every machine connecting an internal certificate is going to generate prompts.

Simon.
0
 
AXISHKAuthor Commented:
Internal and external use the same domain.
internal: ex01.abc.com ex02.abc.com exdag.abc.com mail.abc.com autodiscover.abc.com
external:mail.abc.com autodiscover
lls bind to
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
AXISHKAuthor Commented:
lls bind to public certificate
0
 
AXISHKAuthor Commented:
Currently mail.abc.com is resolved with interal lp address
0
 
AXISHKAuthor Commented:
For my problem is it affected by lls bind to public cert
0
 
Jaroslav MrazCTOCommented:
When you have a certificate with every name you need because this is basic problem in lot of corporation people usually make one certificate with name mail .... and server needs one certificate with multiple names like in manual up.

Then second thing is after import a certificate you must use Exchange console to assign services to the certificate

you go to:

server configuration
select certificate you want
in right axing services to certificate
and chose all services you want tu have for certificate IIS, POP3, IMAP ..... it is simple wizard

after you can test it
0
 
AXISHKAuthor Commented:
Great Tks.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 5
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now