We have created two SAN certificates
Internal (service: IMAP, POP, UM, SMTP)
exdag.abc.com, ex01.abc.com, ex02.abc.com, mail.abc.com , autodiscover.abc.com
External (service: POP, IIS, SMTP)
If we use the internal certificates within IIS service it always pops up for certificate warning message until we bind the IIS service on it. However, the external access to web mail will not work within the IIS service binding on the external certificate.
Currently, we have changed all the CAS to refer mail.abc.com in external URL. I was told that it can create an internal certificate for internal use a public certificate for external use. However, it doesn't work as expected. Any idea ? Can I make the internal certificate work without IIS binding ?
For this change, will the DAG work as expected ? In case the EX01 is down, will the EX02 take up the work actually as I have already changed all the CAS internal & external reference to mail.abc.com.