?
Solved

Exchange 2010 SSL Certificate Renewal, no Subject Access Names allowed for internal domain names.

Posted on 2014-09-09
2
Medium Priority
?
249 Views
1 Endorsement
Last Modified: 2014-09-09
Hi,

Up until recently GoDaddy have allowed local names in their SAN for SSL certificates. This meant we could have

external-ex01.ourcompany.com/owa

and

internal-ex01.ourcompany.local/owa

on the same certificate. Unfortuantely CA's have now preventing the renewal on SANs that are not FQDN. We have created Self-Signed Exchange 2010 certificates with the local names and rolled them out to our users via GPO. However Outlook 2010 is still looking at the SSL certificate for the external names.

How do we resolve this?
1
Comment
Question by:SimonBrook
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 2000 total points
ID: 40312107
This is a very common problem and easily resolved.
You just need to use the external host name internally via a split DNS system.

http://semb.ee/hostnames2010

Forget about using self signed certificates, waste of time.

Simon.
0
 
LVL 1

Author Closing Comment

by:SimonBrook
ID: 40312116
Thanks for this!
0

Featured Post

The Ideal Solution for Multi-Display Applications

Check out ATEN’s VS1912 12-Port DP Video Wall Media Player at InfoComm 2017. Kerri describes how easy it is to design creative video walls in asymmetric layouts and schedule detailed playlists ahead of time with its advanced scheduling feature.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows how to use a free utility called 'Parkdale' to easily test the performance and benchmark any Hard Drive(s) installed in your computer. We also look at RAM Disks and their speed comparisons.
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question