New SSL certificate requirements and configuring Microsoft Exchange appropriately

As many of you already know, there are new SSL certificate restrictions in place that will soon be enforced, which will no longer support including the use of internal SAN names (such as .local) in the certificate.

I have renewed my SSL cert, excluding any unsupported SAN values, and re-configured Exchange 2010 to point everything from HOSTNAME.local to FQDN.com.

I have also created the appropriate internal DNS zone to point my FQDN.com to my internal IP.

Externally, everything works great. I have tested ActiveSync, Outlook Web Access and Outlook connectivity with no issues whatsoever. MXToolbox comes back with no issues reported. All my devices (phones, tablets, etc.) appear to be working externally as well.

Internally, everything seems to be working with one issue: on my workstations running Outlook 2010 or lower, they are getting prompted to accept the certificate 1-2 times upon startup, and often at seemingly random times that Outlook is already open, and you have to click on "accept" to continue. It does not seem to be affecting clients running Outlook 2013.

I have tried deleting the existing Exchange profile on a workstation and recreating it using FQDN.com as the mail server, but as soon as I click on "check name" it of course reverts it back to HOSTNAME.local. I can't force it to use FQDN.com.

Does anyone know how to proceed with correcting this particular issue?
Asked by: Mark Hoepelman, Senior Network Engineer
Mahesh (Architect) commented:
Check the article below; I think this might be your issue. Try the solution mentioned there:
http://www.shudnow.net/2013/07/26/outlook-certificate-error-and-autodiscover-domain-com-not-working/
Mark Hoepelman (Senior Network Engineer, author) commented:
This was exactly the issue. Apparently some of these values are only configurable via the Exchange Management Shell and not via the Exchange GUI. After running through this config the issue was resolved. Thank you very much!
Question has a verified solution.
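
A check for the mismatch described in the question, as an added example that is not part of the original thread: it compares the hostnames in a set of configured service URLs against a certificate's SAN list and reports every URL that would trigger a name-mismatch prompt. The setting labels, URLs and SAN values are constructed sample data, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Internal-only suffix named in the thread; extend for your environment (assumption).
INTERNAL_SUFFIXES = (".local",)

def host_matches(host, san):
    """Hostname vs. SAN entry: exact match, or one left-most wildcard label."""
    host, san = host.lower().rstrip("."), san.lower().rstrip(".")
    if san.startswith("*."):
        head, _, tail = host.partition(".")
        return bool(head) and tail == san[2:]
    return host == san

def audit_urls(configured_urls, cert_sans):
    """Return {setting: reason} for every URL the certificate does not cover."""
    findings = {}
    for setting, url in configured_urls.items():
        host = urlsplit(url).hostname  # lower-cased by urlsplit
        if host is None:
            findings[setting] = "no hostname in URL"
        elif any(host_matches(host, san) for san in cert_sans):
            continue
        elif "." not in host or host.endswith(INTERNAL_SUFFIXES):
            findings[setting] = f"internal name {host} is not on the certificate"
        else:
            findings[setting] = f"{host} is not in the certificate SAN list"
    return findings

# Constructed sample data, not values from the thread.
SAMPLE_SANS = ["mail.example.com", "autodiscover.example.com"]
SAMPLE_URLS = {
    "owa_internal": "https://mail.example.com/owa",
    "autodiscover_internal": "https://EXCH01.corp.local/Autodiscover/Autodiscover.xml",
    "ews_internal": "https://exch01/EWS/Exchange.asmx",
    "oab_internal": "https://webmail.example.com/OAB",
}

if __name__ == "__main__":
    for setting, reason in audit_urls(SAMPLE_URLS, SAMPLE_SANS).items():
        print(f"{setting}: {reason}")
```

Any setting this reports still points clients at a name the renewed certificate does not carry, which is the condition that produces the prompt described in the question.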
