How can we use extern & local url with SSL certificate ?


I am busy to install a new Exchange 2013 server but I still get an error with certificate.
I have 2 urls (one extern url to connec to Exchange remotely and one local url.)
I successfully installed my SSL certificate for the extern url but I still get an error locally when I start Outlook because Outlook is asking for local certificate.
I don't understand what is wrong in my configuration because on my old server I only used the SSL certificate for extern url and I hadn't got any problem  locally and externally.  The certificate was OK in both case.

Do you have any idea about the problem ?  Problem in the configuration of Exchange 2003 (different than 2007) ?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.


If using a certificate the certificate always looks at the URL it is assigned to.
So let's say the certificate is requested for the then when you browse to that site, the certificate is oke because it is the same as the server name you typed in.

If e.g. you use the certificate isn't correct anymore and the name it doesn't represent the URL you just typed in.
It may be because the certificate name doesn't match the local server name. Some applications will accept this, but others will complain, because technically, it's an error. You can only have one cert per site, so it might help to set up internal DNS records for the same external server name, pointing to the local IP address. That way, you can use the same server name internally and externally. Which is what most of us end up doing.

Unless you tried that?
Simon Butler (Sembee)ConsultantCommented:
The best practise with Exchange 2013 is to use the same URL for internal and external traffic.
Use a split DNS system to have the external name resolve internally to Exchange. No internal only URLs used.
This also helps the end users as they only have to remember one address.

Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

SA-ITAuthor Commented:
Yes my external url is like webmail.xxxx.xx and I have a local server name.  I also have a DNS record for which point to the local server name (locally). (it is the same domain locally & externally)
It was perfectly working on my 2007 exchange and I hadn't got any problem of certificate.
Is it a limitation with Exchange 2013 ?
Simon Butler (Sembee)ConsultantCommented:
There is no limitation, but you do have to configure Exchange to use the external host name. That includes the crucial Outlook Anywhere configuration.

SA-ITAuthor Commented:
When do I need to make this change in Exchange 2013 ?
Simon Butler (Sembee)ConsultantCommented:
As soon as you have an SSL certificate on the server to match the host name.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.