We currently use a private internal Active Directory domain of .group and our external domain is .co.uk. As part of our Exchange infrastructure we used a Subject Alternative Name (SAN) certificate issued by GoDaddy, prior to changes in the use of non-verifiable SANs, that secures access to the Exchange server. We've just received a certificate revocation warning from GoDaddy for this certificate as the .group extension has been registered as a gTLD and we now need to prove our right to use that domain. Unfortunately, .group domains are not currently available to purchase so we need to lose the .group SANs from our certificate.
My knowledge of certificate services is quite basic and I need to understand what the impact of dropping the internal domain, .group, will be on our email infrastructure. I know I need to generate a new CSR on the Exchange server and re-key my existing certificate, then import the certificate into Exchange and activate it. However, I'm concerned about the following:
1. Internal access to Exchange services via OWA and Outlook will generate certificate errors when a user connects.
a. Is it possible to avoid these certificate errors?
b. Will Outlook refuse to connect to the server because of the errors or is it possible to continue past the errors?
2. Will it break the internal autodiscover process for setting up email?
3. Is it possible to have a second self-certified certificate for internal connections to the mail server?
I trust I've made myself clear and that my questions make sense.
Many thanks for your assistance