Solved

GoDaddy Certificate For Exchange Without Using Local Domains

Posted on 2014-04-08
Last Modified: 2014-04-08
I bought a 5 year certificate from GoDaddy so that I don't have to renew it each year. Unfortunately when I went to do my CSR GoDaddy warned me that my certificate will only be valid for one year. The reason is that I don't have fully qualified domain names in my UCC certificate.

I have the following names in the certificate request:

remote.company.com (our main site)
autodiscover.company.com
server.domain.local
sites
servername

What do I need to do on my server to change server.domain.local, sites, and servername to fully-qualified domains? Are these names needed?

I am running Small Business Server 2011 with Exchange 2010.

Thank you in advance for any help.
Question by:Pawel_Kowalski
 
LVL 29

Accepted Solution

by:
becraig earned 500 total points
ID: 39987424
Run the below commands to change your internal urls to use the FQDN and not the .local

Set-ClientAccessServer -Identity HostName -AutodiscoverServiceInternalUri https://mail.yourdomain.com/autodiscover/autodiscover.xml 

Set-WebServicesVirtualDirectory -Identity "HostName\EWS (Default Web Site)" -InternalUrl https://mail.yourdomain.com/ews/exchange.asmx 

Set-OABVirtualDirectory -Identity "HostName\oab (Default Web Site)" -InternalUrl https://mail.yourdomain.com/oab
0
 

Author Comment

by:Pawel_Kowalski
ID: 39987427
mail.mydomain.com is actually an external server that I need (which is not exchange, it is used to route our mail to the outside world). Can I change mail to simply remote? So it will be remote.mydomain.com ?
0
 
LVL 12

Expert Comment

by:nealerocks
ID: 39987430
You can't have local names anymore because their identity can't be confirmed. You don't really need them however. The above commands will configure your Exchange server and clients to use external names every time they communicate with the server.
If you have any issues with accessing mail.yourdomain.com internally you can add DNS zones for mail.mydomain.com and any other domain names you need. This is sometimes needed for iPhones and mobile devices, depending on your firewall setup.
0
 
LVL 12

Expert Comment

by:nealerocks
ID: 39987434
You can change mail to remote, just make sure all the exchange commands above are run using the remote name.
0
 
LVL 29

Expert Comment

by:becraig
ID: 39987439
What is the domain name you use in calling OWA?

This should be on your cert. You can use the domain name your clients call to access your mail server externally; all you are doing is ensuring that all calls now go to .com instead of .local.

So whatever your external urls are, simply configure your internal urls to be the same.

You can run the following commands to get the External Urls:
Get-ActiveSyncVirtualDirectory   | ft server,*lur* -AutoSize
Get-AutodiscoverVirtualDirectory | ft server,*lur* -AutoSize
Get-ClientAccessServer           | ft name,  *lur* -AutoSize
Get-EcpVirtualDirectory          | ft server,*lur* -AutoSize
Get-OabVirtualDirectory          | ft server,*lur* -AutoSize
Get-OwaVirtualDirectory          | ft server,*lur* -AutoSize
Get-WebServicesVirtualDirectory  | ft server,*lur* -AutoSize
0
 

Author Comment

by:Pawel_Kowalski
ID: 39987442
For OWA I use remote.mydomain.com

So just to verify if I use the following I won't have any issues?

Set-ClientAccessServer -Identity HostName -AutodiscoverServiceInternalUri https://remote.yourdomain.com/autodiscover/autodiscover.xml 

Set-WebServicesVirtualDirectory -Identity "HostName\EWS (Default Web Site)" -InternalUrl https://remote.yourdomain.com/ews/exchange.asmx 

Set-OABVirtualDirectory -Identity "HostName\oab (Default Web Site)" -InternalUrl https://remote.yourdomain.com/oab
0
 
LVL 29

Expert Comment

by:becraig
ID: 39987449
Yup should work, just validate the External URLs with the commands I gave you above.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39987453
The only certificate names you need to include now are:

remote.company.com
autodiscover.company.com

You can lose the others happily, then run the commands below to change ALL your internal URLs to point to your public FQDN and all will be fine:

Set-AutodiscoverVirtualDirectory -Identity * -internalurl "https://mail.domain.org/autodiscover/autodiscover.xml"
Set-ClientAccessServer -Identity * -AutodiscoverServiceInternalUri "https://mail.domain.org/autodiscover/autodiscover.xml"
Set-webservicesvirtualdirectory -Identity * -internalurl "https://mail.domain.org/EWS/Exchange.asmx"
Set-oabvirtualdirectory -Identity * -internalurl "https://mail.domain.org/oab"
Set-owavirtualdirectory -Identity * -internalurl "https://mail.domain.org/owa"
Set-ecpvirtualdirectory -Identity * -internalurl "https://mail.domain.org/ecp"
Set-ActiveSyncVirtualDirectory -Identity * -InternalUrl "https://mail.domain.org/Microsoft-Server-ActiveSync"

Alan
0
 

Author Comment

by:Pawel_Kowalski
ID: 39987469
Thanks, attached is what I get running the commands (this is before I make any changes). Seems like everything already points to remote.mydomain.com.

Does that mean I only need remote.mydomain.com and autodiscover.mydomain.com on my certificate?

Also, is this a typo:

Set-ClientAccessServer -Identity HostName -AutodiscoverServiceInternalUri

Should it be:

Set-ClientAccessServer -Identity HostName -AutodiscoverServiceInternalUrl

?
commands.jpg
0
 
LVL 12

Expert Comment

by:nealerocks
ID: 39987471
Yes, that is correct. You only need those two names on your cert.
0
 
LVL 29

Expert Comment

by:becraig
ID: 39987475
Yup, command output looks good - no need to change URLs again; cert subjects also look good.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39987491
Yes to just the two names and no - it isn't a typo.
0
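
The check the thread converges on, written out as an added example (not code from any poster above): every URL Exchange hands to clients must use a public FQDN that is on the certificate, otherwise dropping the internal names causes name-mismatch warnings. The function names and the sample URLs are constructed for illustration; the two certificate names are the ones from the question.

```powershell
# Added example. All function names and sample URLs below are constructed.

function Test-PublicFqdn {
    param([string]$Name)
    # Single-label names ("sites") and .local names cannot be validated by a
    # public CA, so nothing clients connect to may depend on them.
    return (($Name -match '^([a-z0-9-]+\.)+[a-z]{2,}$') -and ($Name -notmatch '\.local$'))
}

function Test-NameOnCertificate {
    param([string]$HostName, [string[]]$CertNames)
    foreach ($n in $CertNames) {
        if ($n -eq $HostName) { return $true }
        # A wildcard entry covers exactly one additional left-most label.
        $dot = $HostName.IndexOf('.')
        if ($n.StartsWith('*.') -and $dot -gt 0 -and
            $HostName.Substring($dot + 1) -eq $n.Substring(2)) { return $true }
    }
    return $false
}

function Get-UrlCertificateGap {
    param([string[]]$Urls, [string[]]$CertNames)
    foreach ($u in $Urls) {
        $h = ([uri]$u).Host
        $row = New-Object PSObject -Property @{
            Host       = $h
            Url        = $u
            PublicFqdn = (Test-PublicFqdn $h)
            OnCert     = (Test-NameOnCertificate $h $CertNames)
        }
        # Emit only URLs that would cause a certificate name mismatch.
        if (-not ($row.PublicFqdn -and $row.OnCert)) { $row }
    }
}

# Names kept on the certificate, as in the thread's final answer.
$certNames = 'remote.company.com', 'autodiscover.company.com'
# Constructed InternalUrl values; on a real server, collect them from the
# Get-*VirtualDirectory and Get-ClientAccessServer output instead.
$urls = 'https://remote.company.com/EWS/Exchange.asmx',
        'https://remote.company.com/autodiscover/autodiscover.xml',
        'https://server.domain.local/oab',
        'https://sites/owa'

Get-UrlCertificateGap -Urls $urls -CertNames $certNames |
    Format-Table Host, PublicFqdn, OnCert, Url -AutoSize
```

With the sample input only the `server.domain.local` and `sites` URLs are listed; an empty result means the internal names can be left off the certificate request.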
