Solved

GoDaddy Certificate For Exchange Without Using Local Domains

Posted on 2014-04-08
Last Modified: 2014-04-08
I bought a 5 year certificate from GoDaddy so that I don't have to renew it each year. Unfortunately when I went to do my CSR GoDaddy warned me that my certificate will only be valid for one year. The reason is that I don't have fully qualified domain names in my UCC certificate.

I have the following names in the certificate request:

remote.company.com (our main site)
autodiscover.company.com
server.domain.local
sites
servername

What do I need to do on my server to change server.domain.local, sites, and servername to fully-qualified domains? Are these names needed?

I am running Small Business Server 2011 with Exchange 2010.

Thank you in advance for any help.
Question by:Pawel_Kowalski
 
LVL 29

Accepted Solution

by:
becraig earned 500 total points
ID: 39987424
Run the below commands to change your internal urls to use the FQDN and not the .local

Set-ClientAccessServer -Identity HostName -AutodiscoverServiceInternalUri https://mail.yourdomain.com/autodiscover/autodiscover.xml 

Set-WebServicesVirtualDirectory -Identity "HostName\EWS (Default Web Site)" -InternalUrl https://mail.yourdomain.com/ews/exchange.asmx 

Set-OABVirtualDirectory -Identity "HostName\oab (Default Web Site)" -InternalUrl https://mail.yourdomain.com/oab
0
 

Author Comment

by:Pawel_Kowalski
ID: 39987427
mail.mydomain.com is actually an external server that I need (which is not exchange, it is used to route our mail to the outside world). Can I change mail to simply remote? So it will be remote.mydomain.com ?
0
 
LVL 12

Expert Comment

by:nealerocks
ID: 39987430
You can't have local names anymore because their identity can't be confirmed. You don't really need them however. The above commands will configure your Exchange server and clients to use external names every time they communicate with the server.
If you have any issues with accessing mail.yourdomain.com internally you can add DNS zones for mail.mydomain.com and any other domain names you need. This is sometimes needed for iPhones and mobile devices, depending on your firewall setup.
0

 
LVL 12

Expert Comment

by:nealerocks
ID: 39987434
You can change mail to remote, just make sure all the exchange commands above are run using the remote name.
0
 
LVL 29

Expert Comment

by:becraig
ID: 39987439
What is the domain name you use in calling OWA ?


This should be on your cert. You can use the domain name your clients call to access your mail server externally; all you are doing is ensuring that all calls now go to .com instead of .local.

So whatever your external urls are, simply configure your internal urls to be the same.

You can run the following commands to get the External Urls:
Get-ActiveSyncVirtualDirectory   | ft server,*lur* -AutoSize
Get-AutodiscoverVirtualDirectory | ft server,*lur* -AutoSize
Get-ClientAccessServer           | ft name,  *lur* -AutoSize
Get-EcpVirtualDirectory          | ft server,*lur* -AutoSize
Get-OabVirtualDirectory          | ft server,*lur* -AutoSize
Get-OwaVirtualDirectory          | ft server,*lur* -AutoSize
Get-WebServicesVirtualDirectory  | ft server,*lur* -AutoSize
0
 

Author Comment

by:Pawel_Kowalski
ID: 39987442
For OWA I use remote.mydomain.com

So just to verify if I use the following I won't have any issues?

Set-ClientAccessServer -Identity HostName -AutodiscoverServiceInternalUri https://remote.yourdomain.com/autodiscover/autodiscover.xml 

Set-WebServicesVirtualDirectory -Identity "HostName\EWS (Default Web Site)" -InternalUrl https://remote.yourdomain.com/ews/exchange.asmx 

Set-OABVirtualDirectory -Identity "HostName\oab (Default Web Site)" -InternalUrl https://remote.yourdomain.com/oab
0
 
LVL 29

Expert Comment

by:becraig
ID: 39987449
Yup should work, just validate the External URLs with the commands I gave you above.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39987453
The only certificate names you need to include now are:

remote.company.com
autodiscover.company.com

You can lose the others happily, then run the commands below to change ALL your internal URLs to point to your public FQDN and all will be fine:

Set-AutodiscoverVirtualDirectory -Identity * -internalurl "https://mail.domain.org/autodiscover/autodiscover.xml"
Set-ClientAccessServer -Identity * -AutodiscoverServiceInternalUri "https://mail.domain.org/autodiscover/autodiscover.xml"
Set-webservicesvirtualdirectory -Identity * -internalurl "https://mail.domain.org/EWS/Exchange.asmx"
Set-oabvirtualdirectory -Identity * -internalurl "https://mail.domain.org/oab"
Set-owavirtualdirectory -Identity * -internalurl "https://mail.domain.org/owa"
Set-ecpvirtualdirectory -Identity * -internalurl "https://mail.domain.org/ecp"
Set-ActiveSyncVirtualDirectory -Identity * -InternalUrl "https://mail.domain.org/Microsoft-Server-ActiveSync"

Alan
0
 

Author Comment

by:Pawel_Kowalski
ID: 39987469
Thanks, attached is what I get running the commands (this is before I make any changes). Seems like everything already points to remote.mydomain.com.

Does that mean I only need remote.mydomain.com and autodiscover.mydomain.com on my certificate?

Also, is this a typo:

Set-ClientAccessServer -Identity HostName -AutodiscoverServiceInternalUri

Should it be:

Set-ClientAccessServer -Identity HostName -AutodiscoverServiceInternalUrl

?
commands.jpg
0
 
LVL 12

Expert Comment

by:nealerocks
ID: 39987471
Yes, that is correct. You only need those two names on your cert.
0
 
LVL 29

Expert Comment

by:becraig
ID: 39987475
Yup, command output looks good - no need to change urls again; cert subjects also look good.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39987491
Yes to just the two names and no - it isn't a typo.
0
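
Added example (not part of the original thread): a read-only check, run from the Exchange Management Shell, that lists every host name used in the internal and external URLs discussed above and shows whether it is an internal-only name and whether it appears on the certificate enabled for IIS. The variable names and the rule used to classify a name as internal (single label, or ending in .local) are assumptions of this example.

```powershell
# Added example - read-only audit, changes nothing.
# Written for the Exchange 2010 Management Shell (PowerShell 2.0 syntax).

# Names on the certificate(s) currently enabled for IIS.
$certNames = @(Get-ExchangeCertificate |
    Where-Object { $_.Services -match 'IIS' } |
    ForEach-Object { $_.CertificateDomains } |
    ForEach-Object { "$_".ToLower() } |
    Sort-Object -Unique)

# Autodiscover SCP value published by each Client Access server.
$urls = @(Get-ClientAccessServer |
    ForEach-Object { $_.AutoDiscoverServiceInternalUri })

# Internal and external URL of every virtual directory named in the thread.
$vdirCmdlets = 'Get-AutodiscoverVirtualDirectory',
               'Get-WebServicesVirtualDirectory',
               'Get-OabVirtualDirectory',
               'Get-OwaVirtualDirectory',
               'Get-EcpVirtualDirectory',
               'Get-ActiveSyncVirtualDirectory'
foreach ($cmdlet in $vdirCmdlets) {
    $urls += @(& $cmdlet | ForEach-Object { $_.InternalUrl; $_.ExternalUrl })
}

# Reduce the URLs to a unique list of host names (blank URLs are skipped).
$hostNames = $urls | Where-Object { $_ } |
    ForEach-Object { ([Uri]"$_").Host.ToLower() } |
    Sort-Object -Unique

# One row per host name: is it internal-only, and is it on the certificate?
$hostNames | ForEach-Object {
    New-Object PSObject -Property @{
        HostName      = $_
        # Assumption: single-label names and *.local count as internal names.
        InternalName  = ($_ -notmatch '\.') -or ($_ -match '\.local$')
        # Exact match only; wildcard certificate entries are not expanded.
        OnCertificate = $certNames -contains $_
    }
} | Select-Object HostName, InternalName, OnCertificate | Format-Table -AutoSize
```

Any row with InternalName True or OnCertificate False is a name clients are still being sent to that a certificate carrying only the two public names will not cover.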

Question has a verified solution.
