• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1607
  • Last Modified:

Issue with Updating Exchange UCC SSL Certificate and local domain name

I am running Exchange 2010 on an IIS 6 server.  My certificate is expiring, so I went and got a new UCC certificate.  The valid domains were:


When I renewed the certificate I was not allowed to renew the "email-01" and "email-01.domain.local" because they can't be verified.  I didn't think anything of it at the time.

However this morning I installed the new certificate and now my users are getting a warning when opening outlook that the name on the certificate doesn't match.  They are connecting to email-01.domain.local.

I understand what is happening, but not sure of the best resolution.

  • 2
1 Solution
Carol ChisholmCommented:
You will not be allowed to get a certificate with a "private" domain name any more.
Here's why

You have various choices, like changing the virtual directories
Will SzymkowskiSenior Solution ArchitectCommented:
As stated you need to configure your virtual directories so that it is pointing to one of the names in the cert. You can no longer using internal domain names and if your clients are pointing to the internal name of the Exchange Vitrual directory it will give you a certificate error because the Exchange server name does not exist in the cert.

We also do the same thing in our environment and internal names need to be added to some certs the way that we get around this is have a .com internal domain have it as a registrar. You can then add your company whois details to this and although you do not have to publish this to the internet it is just another method the 3rd party certificate companies can identify that it is you. If your internal domain name is taken externally, or it is not a valid external domain like (.local) then you are out of luck.

Changing your virtual directories it the quickest fix for your situation.

RailroadAuthor Commented:
Ran the script to update the virtual directories and all is working.

Thank you for the help!
Carol ChisholmCommented:
Glad to be useful.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now