GoDaddy Certificate For Exchange Without Using Local Domains

I bought a 5-year certificate from GoDaddy so that I don't have to renew it each year. Unfortunately, when I went to do my CSR, GoDaddy warned me that my certificate will only be valid for one year. The reason is that I don't have fully qualified domain names in my UCC certificate.

I have the following names in the certificate request:

remote.company.com (our main site)
autodiscover.company.com
server.domain.local
sites
servername

What do I need to do on my server to change server.domain.local, sites, and servername to fully-qualified domains? Are these names needed?

I am running Small Business Server 2011 with Exchange 2010.

Thank you in advance for any help.
Pawel_Kowalski Asked:

becraig Commented:
Run the below commands to change your internal urls to use the FQDN and not the .local

Set-ClientAccessServer -Identity HostName -AutodiscoverServiceInternalUri https://mail.yourdomain.com/autodiscover/autodiscover.xml 

Set-WebServicesVirtualDirectory -Identity "HostName\EWS (Default Web Site)" -InternalUrl https://mail.yourdomain.com/ews/exchange.asmx 

Set-OABVirtualDirectory -Identity "HostName\oab (Default Web Site)" -InternalUrl https://mail.yourdomain.com/oab

Pawel_Kowalski (Author) Commented:
mail.mydomain.com is actually an external server that I need (which is not Exchange, it is used to route our mail to the outside world). Can I change mail to simply remote? So it will be remote.mydomain.com?

nealerocks Commented:
You can't have local names anymore because their identity can't be confirmed. You don't really need them however. The above commands will configure your Exchange server and clients to use external names every time they communicate with the server.
If you have any issues with accessing mail.yourdomain.com internally you can add DNS zones for mail.mydomain.com and any other domain names you need. This is sometimes needed for iPhones and mobile devices, depending on your firewall setup.

nealerocks Commented:
You can change mail to remote, just make sure all the Exchange commands above are run using the remote name.

becraig Commented:
What is the domain name you use in calling OWA?

This should be on your cert. You can use the domain name your clients call to access your mail server externally; all you are doing is ensuring that all calls now go to .com instead of .local.

So whatever your external urls are, simply configure your internal urls to be the same.

You can run the following commands to get the External Urls:
Get-ActiveSyncVirtualDirectory   | ft server,*lur* -AutoSize
Get-AutodiscoverVirtualDirectory | ft server,*lur* -AutoSize
Get-ClientAccessServer           | ft name,  *lur* -AutoSize
Get-EcpVirtualDirectory          | ft server,*lur* -AutoSize
Get-OabVirtualDirectory          | ft server,*lur* -AutoSize
Get-OwaVirtualDirectory          | ft server,*lur* -AutoSize
Get-WebServicesVirtualDirectory  | ft server,*lur* -AutoSize

Pawel_Kowalski (Author) Commented:
For OWA I use remote.mydomain.com

So, just to verify: if I use the following, I won't have any issues?

Set-ClientAccessServer -Identity HostName -AutodiscoverServiceInternalUri https://remote.yourdomain.com/autodiscover/autodiscover.xml 

Set-WebServicesVirtualDirectory -Identity "HostName\EWS (Default Web Site)" -InternalUrl https://remote.yourdomain.com/ews/exchange.asmx 

Set-OABVirtualDirectory -Identity "HostName\oab (Default Web Site)" -InternalUrl https://remote.yourdomain.com/oab

becraig Commented:
Yup should work, just validate the External URLs with the commands I gave you above.

Alan Hardisty (Co-Owner) Commented:
The only certificate names you need to include now are:

remote.company.com
autodiscover.company.com

You can lose the others happily, then run the commands below to change ALL your internal URLs to point to your public FQDN and all will be fine:

Set-AutodiscoverVirtualDirectory -Identity * -internalurl "https://mail.domain.org/autodiscover/autodiscover.xml"
Set-ClientAccessServer -Identity * -AutodiscoverServiceInternalUri "https://mail.domain.org/autodiscover/autodiscover.xml"
Set-webservicesvirtualdirectory -Identity * -internalurl "https://mail.domain.org/EWS/Exchange.asmx"
Set-oabvirtualdirectory -Identity * -internalurl "https://mail.domain.org/oab"
Set-owavirtualdirectory -Identity * -internalurl "https://mail.domain.org/owa"
Set-ecpvirtualdirectory -Identity * -internalurl "https://mail.domain.org/ecp"
Set-ActiveSyncVirtualDirectory -Identity * -InternalUrl "https://mail.domain.org/Microsoft-Server-ActiveSync"

Alan

Pawel_Kowalski (Author) Commented:
Thanks, attached is what I get running the commands (this is before I make any changes). Seems like everything already points to remote.mydomain.com.

Does that mean I only need remote.mydomain.com and autodiscover.mydomain.com on my certificate?

Also, is this a typo:

Set-ClientAccessServer -Identity HostName -AutodiscoverServiceInternalUri

Should it be:

Set-ClientAccessServer -Identity HostName -AutodiscoverServiceInternalUrl

?
commands.jpg

nealerocks Commented:
Yes, that is correct. You only need those two names on your cert.

becraig Commented:
Yup, command output looks good - no need to change URLs again; cert subjects also look good.

Alan Hardisty (Co-Owner) Commented:
Yes to just the two names and no - it isn't a typo.
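
The check this thread converges on (every service URL uses a public FQDN that is also on the certificate) can be scripted. The following is an added example, not code from any poster: the function name, issue labels and sample URLs are hypothetical, and mail.company.com is included only to show the mismatch case.

```powershell
# Added example: flag service URLs whose host a public CA cannot validate
# (single-label or .local names) or whose host is not on the planned SAN list.
# Written to run on PowerShell 2.0, as shipped with Exchange 2010.
function Test-ExchangeUrlCoverage {
    param(
        [Parameter(Mandatory = $true)] [string[]] $Url,      # InternalUrl/ExternalUrl values
        [Parameter(Mandatory = $true)] [string[]] $SanName   # names planned for the UCC request
    )
    foreach ($u in $Url) {
        $parsed   = $null
        $hostName = $null
        if (-not [System.Uri]::TryCreate($u, [System.UriKind]::Absolute, [ref] $parsed)) {
            $issue = 'NotAnAbsoluteUrl'
        } else {
            $hostName = $parsed.Host.ToLowerInvariant()
            if     ($hostName -notmatch '\.')        { $issue = 'SingleLabelName' }
            elseif ($hostName -match '\.local$')     { $issue = 'InternalOnlySuffix' }
            elseif ($SanName -notcontains $hostName) { $issue = 'NotOnCertificate' }
            else                                     { $issue = 'OK' }
        }
        New-Object PSObject -Property @{ Url = $u; HostName = $hostName; Issue = $issue } |
            Select-Object Url, HostName, Issue
    }
}

# Constructed sample input (not taken from a real server).
$sampleUrls = @(
    'https://remote.company.com/owa',
    'https://autodiscover.company.com/autodiscover/autodiscover.xml',
    'https://server.domain.local/EWS/Exchange.asmx',
    'https://sites/',
    'https://mail.company.com/oab'
)
$plannedSans = @('remote.company.com', 'autodiscover.company.com')

# Show only the URLs that would break once the local names leave the certificate.
Test-ExchangeUrlCoverage -Url $sampleUrls -SanName $plannedSans |
    Where-Object { $_.Issue -ne 'OK' } |
    Format-Table -AutoSize

# Live use in the Exchange Management Shell (assumption: values are collected
# with the Get-*VirtualDirectory cmdlets shown in the thread), for example:
#   $urls = Get-OwaVirtualDirectory | ForEach-Object { $_.InternalUrl } | Where-Object { $_ }
#   Test-ExchangeUrlCoverage -Url $urls -SanName $plannedSans
```

Any row reported as SingleLabelName, InternalOnlySuffix or NotOnCertificate is a URL that clients will see a certificate name mismatch on until it is repointed to a name on the certificate.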