We just finished up an Exchange 2007 to 2010 migration. We have a simple basic setup: 1 Exchange 2010 server - Hub, CAS, & Mailbox. All users connect with Outlook 2010 on the internal network (either locally or via VPN to the local LAN). We do have a public DNS name, webmail, for which we port forward 443 externally through our firewall to internal 443 on the Exchange server, for OWA & ActiveSync primarily.
All internal outlook 2010 users now get a security alert pop-up mentioning that the name on the security cert is invalid or does not match the name of the site.
I did move the SSL cert we used on 2007 to 2010, and its name is for webmail.external.com.
The pop-up error makes reference to the internal exchange2010.internal.local server name (not matching the external name on the SSL cert).
I am curious what is the best option to correct my exchange to get this popup message to go away?
I was thinking I could ditch my current SSL cert and get a new SAN cert with webmail.external.com & exchange2010.internal.local. Would this be correct?
I also saw this article, http://support.microsoft.com/kb/940726, but have not tried this yet.
In a nutshell, I still do want everyone to access our Exchange locally, and only OWA & ActiveSync externally.
Any advice would be greatly appreciated.
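
A check for the mismatch described above, as an added example that is not part of the original post: it lists the internal URLs Exchange hands to Outlook and flags any host name the IIS-bound certificate does not cover. It assumes the Exchange Management Shell on the Exchange 2010 server; `Test-NameCovered` is a hypothetical helper written for this example.

```powershell
# Added example: run in the Exchange Management Shell (PowerShell 2.0 compatible).

# Hypothetical helper: is $HostName covered by one of the certificate's names?
function Test-NameCovered {
    param([string]$HostName, [string[]]$CertNames)
    foreach ($n in $CertNames) {
        if ($n -eq $HostName) { return $true }        # -eq is case-insensitive
        if ($n.StartsWith('*.')) {
            # A wildcard entry covers exactly one extra left-hand label
            $suffix = $n.Substring(1)
            if ($HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
                $left = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                if ($left -and -not $left.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

# Certificate currently assigned to IIS (OWA, EWS, Autodiscover, OAB)
$cert = Get-ExchangeCertificate | Where-Object { $_.Services -match 'IIS' } |
    Select-Object -First 1
if (-not $cert) { throw 'No certificate is assigned to the IIS service.' }
$certNames = @($cert.CertificateDomains | ForEach-Object { $_.ToString() })

# Internal URLs that domain-joined Outlook clients are directed to
$endpoints = @(
    Get-ClientAccessServer | Select-Object @{n='Source';e={'Autodiscover SCP'}},
        @{n='Url';e={$_.AutoDiscoverServiceInternalUri}}
    Get-WebServicesVirtualDirectory | Select-Object @{n='Source';e={'EWS'}},
        @{n='Url';e={$_.InternalUrl}}
    Get-OabVirtualDirectory | Select-Object @{n='Source';e={'OAB'}},
        @{n='Url';e={$_.InternalUrl}}
)

# Report each endpoint's host name and whether the certificate covers it
foreach ($e in $endpoints) {
    if (-not $e.Url) { continue }                     # URL not configured
    $hostName = ([Uri]"$($e.Url)").Host
    New-Object PSObject -Property @{
        Source  = $e.Source
        Host    = $hostName
        Covered = (Test-NameCovered -HostName $hostName -CertNames $certNames)
    } | Select-Object Source, Host, Covered
}
```

Any row with `Covered` set to `False` is a host name that Outlook will connect to and that the certificate does not list.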