Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 348
  • Last Modified:

SAN Cert SSL Hell

Is it possible to take the SAN cert for exchange 2010 I got from Godaddy and push it to all our clients so Outlook doesn't keep yelling about our internal CAS array not being in the SAN cert?
0
mauisun
Asked:
mauisun
  • 2
  • 2
1 Solution
 
MaheshArchitectCommented:
CAS array name is not required in SAN certificate
You need to setup Split DNS so your internal Exchange hostnames are same as external hostnames
0
 
mauisunAuthor Commented:
Thanks for your comment.

SAN cert says webmail.domain.org, autodiscover.domain.org.
Outlook is connecting to cas1.localdomain.org, cas2.localdomain.org

we used to have two TMGs. They're gone now. And we've applied the public cert to the cas servers.

I'm  a little lost here.
0
 
mauisunAuthor Commented:
But the SAN SSL still has to have the server name in it yes?
0
 
Simon Butler (Sembee)ConsultantCommented:
The SSL certificate does not have to have the name of the server in it, and I would go as far as to say it shouldn't do.

The CAS Array is a unique host name, used for the MAPI TCP access only. It should not be used for anything else.

Configure a split DNS system so the external name resolves internally, then use the article of mine above (also at http://semb.ee/hostnames) to configure Exchange to use the external host name internally.

That will stop the errors - no need to push anything to the clients.

Simon.
0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now