Solved

GoDaddy Certificate For Exchange Without Using Local Domains

Posted on 2014-04-08
Last Modified: 2014-04-08
I bought a 5-year certificate from GoDaddy so that I don't have to renew it each year. Unfortunately, when I went to do my CSR, GoDaddy warned me that my certificate will only be valid for one year. The reason is that I don't have fully qualified domain names in my UCC certificate.

I have the following names in the certificate request:

remote.company.com (our main site)
autodiscover.company.com
server.domain.local
sites
servername

What do I need to do on my server to change server.domain.local, sites, and servername to fully-qualified domains? Are these names needed?

I am running Small Business Server 2011 with Exchange 2010.

Thank you in advance for any help.
0
Question by:Pawel_Kowalski
12 Comments
 
LVL 29

Accepted Solution

by:
becraig earned 500 total points
ID: 39987424
Run the below commands to change your internal urls to use the FQDN and not the .local

Set-ClientAccessServer -Identity HostName -AutodiscoverServiceInternalUri https://mail.yourdomain.com/autodiscover/autodiscover.xml 

Set-WebServicesVirtualDirectory -Identity "HostName\EWS (Default Web Site)" -InternalUrl https://mail.yourdomain.com/ews/exchange.asmx 

Set-OABVirtualDirectory -Identity "HostName\oab (Default Web Site)" -InternalUrl https://mail.yourdomain.com/oab
0
 

Author Comment

by:Pawel_Kowalski
ID: 39987427
mail.mydomain.com is actually an external server that I need (which is not Exchange; it is used to route our mail to the outside world). Can I change mail to simply remote? So it will be remote.mydomain.com?
0
 
LVL 12

Expert Comment

by:nealerocks
ID: 39987430
You can't have local names anymore because their identity can't be confirmed. You don't really need them however. The above commands will configure your Exchange server and clients to use external names every time they communicate with the server.
If you have any issues with accessing mail.yourdomain.com internally you can add DNS zones for mail.mydomain.com and any other domain names you need. This is sometimes needed for iPhones and mobile devices, depending on your firewall setup.
0
 
LVL 12

Expert Comment

by:nealerocks
ID: 39987434
You can change mail to remote, just make sure all the exchange commands above are run using the remote name.
0
 
LVL 29

Expert Comment

by:becraig
ID: 39987439
What is the domain name you use in calling OWA?

This should be on your cert. You can use the domain name your clients call to access your mail server externally; all you are doing is ensuring that all calls now go to .com instead of .local.

So whatever your external urls are, simply configure your internal urls to be the same.

You can run the following commands to get the External Urls:
Get-ActiveSyncVirtualDirectory   | ft server,*lur* -AutoSize
Get-AutodiscoverVirtualDirectory | ft server,*lur* -AutoSize
Get-ClientAccessServer           | ft name,  *lur* -AutoSize
Get-EcpVirtualDirectory          | ft server,*lur* -AutoSize
Get-OabVirtualDirectory          | ft server,*lur* -AutoSize
Get-OwaVirtualDirectory          | ft server,*lur* -AutoSize
Get-WebServicesVirtualDirectory  | ft server,*lur* -AutoSize
0
 

Author Comment

by:Pawel_Kowalski
ID: 39987442
For OWA I use remote.mydomain.com

So just to verify, if I use the following I won't have any issues?

Set-ClientAccessServer -Identity HostName -AutodiscoverServiceInternalUri https://remote.yourdomain.com/autodiscover/autodiscover.xml 

Set-WebServicesVirtualDirectory -Identity "HostName\EWS (Default Web Site)" -InternalUrl https://remote.yourdomain.com/ews/exchange.asmx 

Set-OABVirtualDirectory -Identity "HostName\oab (Default Web Site)" -InternalUrl https://remote.yourdomain.com/oab
0
 
LVL 29

Expert Comment

by:becraig
ID: 39987449
Yup should work, just validate the External URLs with the commands I gave you above.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39987453
The only certificate names you need to include now are:

remote.company.com
autodiscover.company.com

You can lose the others happily, then run the commands below to change ALL your internal URLs to point to your public FQDN and all will be fine:

Set-AutodiscoverVirtualDirectory -Identity * -InternalUrl "https://mail.domain.org/autodiscover/autodiscover.xml"
Set-ClientAccessServer -Identity * -AutodiscoverServiceInternalUri "https://mail.domain.org/autodiscover/autodiscover.xml"
Set-WebServicesVirtualDirectory -Identity * -InternalUrl "https://mail.domain.org/EWS/Exchange.asmx"
Set-OabVirtualDirectory -Identity * -InternalUrl "https://mail.domain.org/oab"
Set-OwaVirtualDirectory -Identity * -InternalUrl "https://mail.domain.org/owa"
Set-EcpVirtualDirectory -Identity * -InternalUrl "https://mail.domain.org/ecp"
Set-ActiveSyncVirtualDirectory -Identity * -InternalUrl "https://mail.domain.org/Microsoft-Server-ActiveSync"

Alan
0
 

Author Comment

by:Pawel_Kowalski
ID: 39987469
Thanks, attached is what I get running the commands (this is before I make any changes). Seems like everything already points to remote.mydomain.com.

Does that mean I only need remote.mydomain.com and autodiscover.mydomain.com on my certificate?

Also, is this a typo:

Set-ClientAccessServer -Identity HostName -AutodiscoverServiceInternalUri

Should it be:

Set-ClientAccessServer -Identity HostName -AutodiscoverServiceInternalUrl

?
commands.jpg
0
 
LVL 12

Expert Comment

by:nealerocks
ID: 39987471
Yes, that is correct. You only need those two names on your cert.
0
 
LVL 29

Expert Comment

by:becraig
ID: 39987475
Yup, command output looks good - no need to change URLs again; cert subjects also look good.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39987491
Yes to just the two names and no - it isn't a typo.
0
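Added example, not part of the thread or any poster's code: a PowerShell check that every host name in the client-facing URLs is a public FQDN and is covered by a name on the certificate, which is the condition the answers above rely on before dropping the internal names. The function name, the sample URLs and the `.local` pattern are illustrative assumptions; the commented lines show one way to feed it from the Exchange cmdlets used in this thread.

```powershell
# Avoids PowerShell 3+ syntax so it also runs in an Exchange 2010 shell.
function Test-CertNameCoverage {
    param(
        [string[]]$Url,       # URLs clients are told to use (internal and external)
        [string[]]$CertName   # subject / SAN entries on the certificate
    )
    foreach ($u in $Url) {
        $h = ([uri]$u).Host.ToLowerInvariant()
        # A public CA cannot validate single-label names or .local names.
        $isPublic = $h.Contains('.') -and ($h -notmatch '\.local$')
        $covered = $false
        foreach ($n in $CertName) {
            $n = $n.ToLowerInvariant()
            if ($n -eq $h) { $covered = $true; break }
            # A wildcard entry matches exactly one left-most label.
            if ($n.StartsWith('*.') -and $h.Contains('.') -and
                ($h.Substring($h.IndexOf('.')) -eq $n.Substring(1))) {
                $covered = $true; break
            }
        }
        New-Object psobject -Property @{
            Url = $u; Host = $h; PublicFqdn = $isPublic; OnCert = $covered
        } | Select-Object Url, Host, PublicFqdn, OnCert
    }
}

# Constructed sample data: two URLs already on the public name, two still internal.
$sampleUrls = @(
    'https://remote.company.com/owa',
    'https://remote.company.com/EWS/Exchange.asmx',
    'https://server.domain.local/autodiscover/autodiscover.xml',
    'https://sites/ecp'
)
$twoNameCert = 'remote.company.com', 'autodiscover.company.com'

# Rows listed here would cause certificate warnings with the two-name certificate.
Test-CertNameCoverage -Url $sampleUrls -CertName $twoNameCert |
    Where-Object { -not ($_.PublicFqdn -and $_.OnCert) } | Format-Table -AutoSize

# On the Exchange server (Exchange Management Shell), use the live values instead:
# $urls  = @(Get-OwaVirtualDirectory; Get-EcpVirtualDirectory; Get-OabVirtualDirectory;
#            Get-WebServicesVirtualDirectory; Get-ActiveSyncVirtualDirectory) |
#          ForEach-Object { $_.InternalUrl; $_.ExternalUrl }
# $urls += Get-ClientAccessServer | ForEach-Object { $_.AutoDiscoverServiceInternalUri }
# $names = Get-ExchangeCertificate | Where-Object { $_.Services -match 'IIS' } |
#          ForEach-Object { $_.CertificateDomains }
# Test-CertNameCoverage -Url ($urls | Where-Object { $_ }) -CertName $names
```

With the sample data, only the `server.domain.local` and `sites` rows are listed; an empty result means the internal names can be left off the certificate request.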

Question has a verified solution.