Certificate issue in Exchange 2010

We have installed a public SAN certificate in Exchange 2010 and everything works fine.

However, we encounter a problem when users are connecting to the internal LAN, as the public server doesn't have the internal name for the Exchange servers. Actually, we have already generated a certificate with an alternative name but it still doesn't work. Is it because the IIS service doesn't bind to the internal server?

However, if we bind the IIS service to the internal certificate, the external access would not work.

Any ideas for the problem?

Simon Butler (Sembee), Consultant, commented:
All you need to do is configure a split DNS so the external name resolves internally, then configure Exchange to use the external name internally.

No need to generate new certificates if you already have a trusted certificate, as that just increases headaches, and unless you control every machine connecting, an internal certificate is going to generate prompts.
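
One way to carry out the "use the external name internally" step, as an added example that is not part of the original reply: it checks that the certificate assigned to IIS on each Client Access server covers the names before pointing the internal URLs at them. It assumes the `mail.abc.com` and `autodiscover.abc.com` names given later in the thread, default virtual directory paths, and an internal DNS zone that already resolves both names to the internal address.

```powershell
# Added example. Run in the Exchange Management Shell on Exchange 2010.
# Assumed values: host names taken from the thread, default virtual directory paths.
$mailHost  = 'mail.abc.com'
$autodHost = 'autodiscover.abc.com'

foreach ($cas in Get-ClientAccessServer) {
    $server = $cas.Name

    # Certificate currently assigned to the IIS service on this server
    $cert = Get-ExchangeCertificate -Server $server |
        Where-Object { $_.Services -match 'IIS' } | Select-Object -First 1
    if (-not $cert) {
        Write-Warning "[$server] no certificate is assigned to IIS"
        continue
    }

    # Names on the certificate; -like also lets a wildcard entry (*.abc.com) match
    $domains = @($cert.CertificateDomains | ForEach-Object { $_.ToString() })
    $missing = @($mailHost, $autodHost | Where-Object {
        $name = $_
        -not ($domains | Where-Object { $name -like $_ })
    })

    # Do not repoint clients at a name the certificate cannot prove, or at an expired cert
    if ($missing.Count -gt 0 -or $cert.NotAfter -lt (Get-Date)) {
        Write-Warning "[$server] IIS certificate $($cert.Thumbprint) is expired or lacks: $($missing -join ', ')"
        continue
    }

    # Point the internal URLs at the name the trusted certificate covers
    Set-ClientAccessServer -Identity $server -AutoDiscoverServiceInternalUri "https://$autodHost/Autodiscover/Autodiscover.xml"
    Get-WebServicesVirtualDirectory -Server $server | Set-WebServicesVirtualDirectory -InternalUrl "https://$mailHost/EWS/Exchange.asmx"
    Get-OabVirtualDirectory -Server $server | Set-OabVirtualDirectory -InternalUrl "https://$mailHost/OAB"
    Get-OwaVirtualDirectory -Server $server | Set-OwaVirtualDirectory -InternalUrl "https://$mailHost/owa"
    Get-EcpVirtualDirectory -Server $server | Set-EcpVirtualDirectory -InternalUrl "https://$mailHost/ecp"
    Get-ActiveSyncVirtualDirectory -Server $server | Set-ActiveSyncVirtualDirectory -InternalUrl "https://$mailHost/Microsoft-Server-ActiveSync"
}
```

Appending `-WhatIf` to the `Set-` cmdlets previews the changes without applying them.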

Jaroslav Mraz, CTO, commented:

Simply generate the certificate with all of the names you need in the new Exchange certificate wizard.

In the Certified Domains part, the last step, add all of the domains you want to have in the certificate, but YOU MUST USE the FQDN server.domain.extension format.

Then save your request and submit it to the AD certificate authority from the web server https://servername/certsrv (Submit a certificate request).

But download it in Base 64, as it usually works better; every other step from https://servername/certsrv in the manual below is the same.

Or you can use a commercial paid authority like GoDaddy.
AXISHK (Author) commented:
Internal and external use the same domain.
internal: ex01.abc.com ex02.abc.com exdag.abc.com mail.abc.com autodiscover.abc.com
external: mail.abc.com autodiscover
IIS bind to
AXISHK (Author) commented:
IIS binds to the public certificate.
AXISHK (Author) commented:
Currently mail.abc.com is resolved with the internal IP address.
AXISHK (Author) commented:
For my problem, is it affected by IIS binding to the public cert?
Jaroslav Mraz, CTO, commented:
When you have a certificate with every name you need, because this is a basic problem in a lot of corporations: people usually make one certificate with the name mail ..., and the server needs one certificate with multiple names, like in the manual above.

Then the second thing is that after importing a certificate you must use the Exchange console to assign services to the certificate.

You go to:

Server Configuration
select the certificate you want
on the right, assign services to the certificate
and choose all the services you want to have for the certificate: IIS, POP3, IMAP ... It is a simple wizard.

After that you can test it.
AXISHK (Author) commented:
Great, thanks.
Question has a verified solution.