
GoDaddy Certificate For Exchange Without Using Local Domains

Posted on 2014-04-08
Last Modified: 2014-04-08
I bought a 5 year certificate from GoDaddy so that I don't have to renew it each year. Unfortunately when I went to do my CSR GoDaddy warned me that my certificate will only be valid for one year. The reason is that I don't have fully qualified domain names in my UCC certificate.

I have the following names in the certificate request:

remote.company.com (our main site)
autodiscover.company.com
server.domain.local
sites
servername

What do I need to do on my server to change server.domain.local, sites, and servername to fully-qualified domains? Are these names needed?

I am running Small Business Server 2011 with Exchange 2010.

Thank you in advance for any help.
Question by:Pawel_Kowalski
12 Comments
 
LVL 29

Accepted Solution

by:
becraig earned 2000 total points
ID: 39987424
Run the below commands to change your internal urls to use the FQDN and not the .local

Set-ClientAccessServer -Identity HostName -AutodiscoverServiceInternalUri https://mail.yourdomain.com/autodiscover/autodiscover.xml 

Set-WebServicesVirtualDirectory -Identity "HostName\EWS (Default Web Site)" -InternalUrl https://mail.yourdomain.com/ews/exchange.asmx 

Set-OABVirtualDirectory -Identity "HostName\oab (Default Web Site)" -InternalUrl https://mail.yourdomain.com/oab
0
 

Author Comment

by:Pawel_Kowalski
ID: 39987427
mail.mydomain.com is actually an external server that I need (which is not exchange, it is used to route our mail to the outside world). Can I change mail to simply remote? So it will be remote.mydomain.com ?
0
 
LVL 12

Expert Comment

by:nealerocks
ID: 39987430
You can't have local names anymore because their identity can't be confirmed. You don't really need them however. The above commands will configure your Exchange server and clients to use external names every time they communicate with the server.
If you have any issues with accessing mail.yourdomain.com internally you can add DNS zones for mail.mydomain.com and any other domain names you need. This is sometimes needed for iPhones and mobile devices, depending on your firewall setup.
0
 
LVL 12

Expert Comment

by:nealerocks
ID: 39987434
You can change mail to remote, just make sure all the exchange commands above are run using the remote name.
0
 
LVL 29

Expert Comment

by:becraig
ID: 39987439
What is the domain name you use in calling OWA ?


This should be on your cert. You can use the domain name your clients call to access your mail server externally; all you are doing is ensuring that all calls now go to .com instead of .local.

So whatever your external urls are, simply configure your internal urls to be the same.

You can run the following commands to get the External Urls:
Get-ActiveSyncVirtualDirectory   | ft server,*lur* -AutoSize
Get-AutodiscoverVirtualDirectory | ft server,*lur* -AutoSize
Get-ClientAccessServer           | ft name,  *lur* -AutoSize
Get-EcpVirtualDirectory          | ft server,*lur* -AutoSize
Get-OabVirtualDirectory          | ft server,*lur* -AutoSize
Get-OwaVirtualDirectory          | ft server,*lur* -AutoSize
Get-WebServicesVirtualDirectory  | ft server,*lur* -AutoSize
0
 

Author Comment

by:Pawel_Kowalski
ID: 39987442
For OWA I use remote.mydomain.com

So just to verify if I use the following I won't have any issues?

Set-ClientAccessServer -Identity HostName -AutodiscoverServiceInternalUri https://remote.yourdomain.com/autodiscover/autodiscover.xml 

Set-WebServicesVirtualDirectory -Identity "HostName\EWS (Default Web Site)" -InternalUrl https://remote.yourdomain.com/ews/exchange.asmx 

Set-OABVirtualDirectory -Identity "HostName\oab (Default Web Site)" -InternalUrl https://remote.yourdomain.com/oab
0
 
LVL 29

Expert Comment

by:becraig
ID: 39987449
Yup should work, just validate the External URLs with the commands I gave you above.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39987453
The only certificate names you need to include now are:

remote.company.com
autodiscover.company.com

You can lose the others happily, then run the commands below to change ALL your internal URLs to point to your public FQDN and all will be fine:

Set-AutodiscoverVirtualDirectory -Identity * -internalurl "https://mail.domain.org/autodiscover/autodiscover.xml"
Set-ClientAccessServer -Identity * -AutodiscoverServiceInternalUri "https://mail.domain.org/autodiscover/autodiscover.xml"
Set-webservicesvirtualdirectory -Identity * -internalurl "https://mail.domain.org/EWS/Exchange.asmx"
Set-oabvirtualdirectory -Identity * -internalurl "https://mail.domain.org/oab"
Set-owavirtualdirectory -Identity * -internalurl "https://mail.domain.org/owa"
Set-ecpvirtualdirectory -Identity * -internalurl "https://mail.domain.org/ecp"
Set-ActiveSyncVirtualDirectory -Identity * -InternalUrl "https://mail.domain.org/Microsoft-Server-ActiveSync"

Alan
0
 

Author Comment

by:Pawel_Kowalski
ID: 39987469
Thanks, attached is what I get running the commands (this is before I make any changes). Seems like everything already points to remote.mydomain.com.

Does that mean I only need remote.mydomain.com and autodiscover.mydomain.com on my certificate?

Also, is this a typo:

Set-ClientAccessServer -Identity HostName -AutodiscoverServiceInternalUri

Should it be:

Set-ClientAccessServer -Identity HostName -AutodiscoverServiceInternalUrl

?
commands.jpg
0
 
LVL 12

Expert Comment

by:nealerocks
ID: 39987471
Yes, that is correct. You only need those two names on your cert.
0
 
LVL 29

Expert Comment

by:becraig
ID: 39987475
Yup, command output looks good - no need to change URLs again; cert subjects also look good.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39987491
Yes to just the two names and no - it isn't a typo.
0
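
A read-only check for the step the answers above recommend, added here as an example and not part of any participant's post: it collects every internal and external URL that Exchange hands to clients and flags host names that are missing from the planned certificate names or that a public CA cannot validate. `$certNames` holds the two names from the question, and the helper name `Test-PublicFqdn` is made up for this example.

```powershell
# Added example, not from the thread. Run in the Exchange Management Shell.
# Read-only: only Get-* cmdlets are called. Written for PowerShell 2.0 (SBS 2011).

# Names planned for the certificate request (the two names from the question).
$certNames = @('remote.company.com', 'autodiscover.company.com')

# Hypothetical helper: a public CA can only validate dotted names outside .local.
function Test-PublicFqdn([string]$Name) {
    return ($Name -match '\.') -and ($Name -notmatch '\.local$')
}

$vdirCmdlets = 'Get-AutodiscoverVirtualDirectory', 'Get-WebServicesVirtualDirectory',
               'Get-OabVirtualDirectory', 'Get-OwaVirtualDirectory',
               'Get-EcpVirtualDirectory', 'Get-ActiveSyncVirtualDirectory'

$rows = @(
    # Autodiscover service connection point; the property really ends in Uri.
    Get-ClientAccessServer | ForEach-Object {
        New-Object PSObject -Property @{
            Server = $_.Name; Source = 'ClientAccessServer AutodiscoverServiceInternalUri'
            Url = "$($_.AutodiscoverServiceInternalUri)" }
    }
    # Internal and external URL of every client-facing virtual directory.
    foreach ($cmd in $vdirCmdlets) {
        & $cmd | ForEach-Object {
            foreach ($prop in 'InternalUrl', 'ExternalUrl') {
                New-Object PSObject -Property @{
                    Server = $_.Server; Source = "$cmd $prop"; Url = "$($_.$prop)" }
            }
        }
    }
)

# Skip unset URLs, then compare each URL's host with the certificate names.
$report = $rows | Where-Object { $_.Url } | ForEach-Object {
    $hostName = ([Uri]$_.Url).Host
    New-Object PSObject -Property @{
        Server = $_.Server; Source = $_.Source; HostName = $hostName
        OnCert = ($certNames -contains $hostName)
        PublicFqdn = (Test-PublicFqdn $hostName) }
}

# A row with OnCert or PublicFqdn False names a host the certificate cannot cover.
$report | Sort-Object HostName, Source |
    Format-Table Server, Source, HostName, OnCert, PublicFqdn -AutoSize
```

If every row shows True in both columns, the .local and single-label names can be left off the certificate request without clients being sent to a name the certificate does not carry.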
