Solved

Exchange 2010 SSL Certificate Renewal, no Subject Access Names allowed for internal domain names.

Posted on 2014-09-09
2
245 Views
1 Endorsement
Last Modified: 2014-09-09
Hi,

Up until recently GoDaddy have allowed local names in their SAN for SSL certificates. This meant we could have

external-ex01.ourcompany.com/owa

and

internal-ex01.ourcompany.local/owa

on the same certificate. Unfortuantely CA's have now preventing the renewal on SANs that are not FQDN. We have created Self-Signed Exchange 2010 certificates with the local names and rolled them out to our users via GPO. However Outlook 2010 is still looking at the SSL certificate for the external names.

How do we resolve this?
1
Comment
Question by:SimonBrook
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 40312107
This is a very common problem and easily resolved.
You just need to use the external host name internally via a split DNS system.

http://semb.ee/hostnames2010

Forget about using self signed certificates, waste of time.

Simon.
0
 
LVL 1

Author Closing Comment

by:SimonBrook
ID: 40312116
Thanks for this!
0

Featured Post

Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Read this checklist to learn more about the 15 things you should never include in an email signature.
Learn how to PXE Boot both BIOS & UEFI machines with DHCP Policies and Custom Vendor Classes
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question