UCC Cert errors
Posted on 2014-02-06
Good morning Experts!
I'm currently running into an issue that I am having a hard time finding the resolution to.
2 years ago in Feb., I purchased a UCC Security Cert from Starfield which contained 4 Subject Alternative Names (SAN), both internet and intranet domain names. Well, you could probably guess where I'm going with this. In July of 2012, the certificate industry made a significant change to disallow the use of intranet domains as a SAN. Fast forward 2 years to today: I went to renew my cert and had to do so without our intranet domain name. I figured it was not a problem since I already have local self-signed certs using Microsoft CA. Well, it is a problem. Now I get the dreaded "Security Alert" window every time you open Outlook.
I contacted Starfield and, after a long explanation (since the person I was talking to had no clue what I was talking about), they let me know of the change and how to avoid the issue by sending me a KB article.
The article directed me to create a local DNS zone that mimicked our public DNS zone. Fortunately, I had already done that to make sure there was only one OWA, EWS, etc., site for all services. The article also had me reconfigure Exchange's internal URLs to point to our internet FQDN as opposed to our intranet FQDN.
After doing all of this, it still does not work. Something is still trying to communicate to the new cert but using our intranet FQDN. I can't find the culprit.
Any assistance would be greatly appreciated!