

New SSL certificate requirements and configuring Microsoft Exchange appropriately

Posted on 2014-08-09
Medium Priority
Last Modified: 2014-08-09
As many of you already know, there are new SSL certificate restrictions in place that will soon be enforced, which will no longer support including the use of internal SAN names (such as .local) in the certificate.

I have renewed my SSL cert, excluding any unsupported SAN values, and re-configured Exchange 2010 to point everything from HOSTNAME.local to FQDN.com.

I have also created the appropriate internal DNS zone to point my FQDN.com to my internal IP.

Externally, everything works great. I have tested ActiveSync, Outlook Web Access and Outlook connectivity with no issues whatsoever. MxToolbox comes back with no issues reported. All my devices (phones, tablets, etc.) appear to be working externally as well.

Internally, everything seems to be working with one issue: on my workstations running Outlook 2010 or lower, they are getting prompted to accept the certificate 1-2 times upon startup, and often at seemingly random times when Outlook is already open, and you have to click on "accept" to continue. It does not seem to be affecting clients running Outlook 2013.

I have tried deleting the existing Exchange profile on a workstation and recreating it using FQDN.com as the mail server, but as soon as I click on "check name" it of course reverts it back to HOSTNAME.local. I can't force it to use FQDN.com.

Does anyone know how to proceed with correcting this particular issue?
Question by: Mark Hoepelman

Accepted Solution

MAS earned 2000 total points
ID: 40251078

Expert Comment

ID: 40251083
Check the article below. I think this might be your issue; try the solution mentioned there.

Author Closing Comment

by: Mark Hoepelman
ID: 40251126
This was exactly the issue. Apparently some of these values are only configurable via the Exchange Management Shell and not via the Exchange GUI. After running through this config the issue was resolved. Thank you very much!
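
The closing comment refers to URL values that can only be changed from the Exchange Management Shell. As an added example (not from the original thread or the article it mentions), this read-only PowerShell audit lists the internal URLs Exchange 2010 publishes to clients and flags any whose host name is missing from the IIS certificate. It assumes the relevant values are the Autodiscover SCP and the virtual directory `InternalUrl` settings, and that the first IIS-enabled certificate is the one Outlook is shown.

```powershell
# Added example: read-only audit for the Exchange Management Shell (Get-* cmdlets only).
# Assumption: the first certificate enabled for IIS is the one presented to Outlook.
$cert  = Get-ExchangeCertificate | Where-Object { "$($_.Services)" -match 'IIS' } | Select-Object -First 1
$names = @($cert.CertificateDomains | ForEach-Object { "$_".ToLower() })

function Test-CertCoversHost([string]$HostName, [string[]]$CertNames) {
    $h = $HostName.ToLower()
    foreach ($n in $CertNames) {
        if ($n -eq $h) { return $true }
        # A wildcard covers exactly one extra label: *.example.com matches mail.example.com
        if ($n.StartsWith('*.') -and $h.EndsWith($n.Substring(1)) -and
            $h.Split('.').Count -eq $n.Split('.').Count) { return $true }
    }
    return $false
}

# Collect the internal URLs that Autodiscover hands to domain-joined Outlook clients.
$found = @()
Get-ClientAccessServer | ForEach-Object {
    $found += New-Object PSObject -Property @{
        Setting = "Autodiscover SCP on $($_.Name)"; Url = "$($_.AutodiscoverServiceInternalUri)" }
}
$vdirCmdlets = 'Get-WebServicesVirtualDirectory', 'Get-OabVirtualDirectory',
               'Get-OwaVirtualDirectory', 'Get-EcpVirtualDirectory', 'Get-ActiveSyncVirtualDirectory'
foreach ($cmd in $vdirCmdlets) {
    & $cmd | ForEach-Object {
        $found += New-Object PSObject -Property @{ Setting = "$($_.Identity)"; Url = "$($_.InternalUrl)" }
    }
}

# Report each configured URL and whether its host name appears on the certificate.
$found | Where-Object { $_.Url } | ForEach-Object {
    $urlHost = ([uri]$_.Url).Host
    New-Object PSObject -Property @{
        Setting = $_.Setting; Host = $urlHost
        OnCertificate = (Test-CertCoversHost $urlHost $names)
    }
} | Sort-Object OnCertificate | Format-Table Setting, Host, OnCertificate -AutoSize
```

Rows with `OnCertificate` set to `False` are names that will trigger the certificate prompt; each is changed with the matching `Set-*` cmdlet, for example `Set-ClientAccessServer -AutodiscoverServiceInternalUri`.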

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If something goes wrong with Exchange, your IT resources are in trouble.All Exchange server migration processes are not designed to be identical and though migrating email from on-premises Exchange mailbox to Cloud’s Office 365 is relatively simple…
MS Outlook undoubtedly is the most widely used email client.Its user-friendliness, cost effectiveness, and availability with Microsoft Office Suite make it the most popular email application.  Its compatibility with Microsoft applications like Exch…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?
Suggested Courses
Course of the Month20 days, 23 hours left to enroll

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question