Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Issue with Updating Exchange UCC SSL Certificate and local domain name

Posted on 2014-01-22
4
Medium Priority
?
1,583 Views
Last Modified: 2014-01-22
I am running Exchange 2010 on an IIS 6 server.  My certificate is expiring, so I went and got a new UCC certificate.  The valid domains were:

webmail.domain.com
autodiscover.domain.com
email-01
email-01.domain.local

When I renewed the certificate I was not allowed to renew the "email-01" and "email-01.domain.local" because they can't be verified.  I didn't think anything of it at the time.

However this morning I installed the new certificate and now my users are getting a warning when opening outlook that the name on the certificate doesn't match.  They are connecting to email-01.domain.local.

I understand what is happening, but not sure of the best resolution.

Suggestions?
0
Comment
Question by:Railroad
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 16

Accepted Solution

by:
Carol Chisholm earned 2000 total points
ID: 39800405
You will not be allowed to get a certificate with a "private" domain name any more.
Here's why
http://www.networking4all.com/en/ssl+certificates/faq/change+san+issue/


You have various choices, like changing the virtual directories
http://nathanwinters.co.uk/2010/05/30/script-to-set-internalurl-and-externalurl-for-all-exchange-2010-virtual-directories/
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39800522
As stated you need to configure your virtual directories so that it is pointing to one of the names in the cert. You can no longer using internal domain names and if your clients are pointing to the internal name of the Exchange Vitrual directory it will give you a certificate error because the Exchange server name does not exist in the cert.

We also do the same thing in our environment and internal names need to be added to some certs the way that we get around this is have a .com internal domain have it as a registrar. You can then add your company whois details to this and although you do not have to publish this to the internet it is just another method the 3rd party certificate companies can identify that it is you. If your internal domain name is taken externally, or it is not a valid external domain like (.local) then you are out of luck.

Changing your virtual directories it the quickest fix for your situation.

Will.
0
 

Author Closing Comment

by:Railroad
ID: 39800642
Ran the script to update the virtual directories and all is working.

Thank you for the help!
0
 
LVL 16

Expert Comment

by:Carol Chisholm
ID: 39800731
Glad to be useful.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Know the reasons and solutions to move/import EDB to New Exchange Server. Also, find out how to recover an Exchange .edb file and to restore the file back.
By default Outlook 2016 displays only one time zone in the Calendar. The following article explains how to display two time zones in one calendar view.
This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

671 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question