Exchange 2013 Virtual Directories, CNAME & DNS Help

I am in the process of setting up a fresh install of Exchange 2013 in a new domain.  The domain is  I have set up the Exchange Virtual Directories (OWA, ECP, etc.) to be  

In order to allow my internal users to use to access their email in their browser, I created an Alias / CNAME in the DNS Manager on the domain controller.  Since there was only one Forward Lookup Zone of, I had to create a second Forward Lookup Zone of and create the Alias there for  

This seems to have worked.  Within the network, I am able to go to and it brings me to the OWA login page.  

Now for my questions:

#1 - Did I set this up correctly?  I am pretty green when it comes to DNS configurations and such.  I just want to make sure that this was set up properly and that I am not going to have any problems.  

#2 - I am purchasing a wildcard SSL certificate for use on the Exchange Server.  I am assuming that I will need to use as the root domain for the certificate.  While the Exchange server that the certificate will be installed on is part of the domain, the site that the user will go to is to access their mail.  I just want to verify that is the proper root domain to have the certificate issued to for use on the Exchange server.  

Thanks in advance for all the help!
csimmons1324, IT Manager, Asked:

Suliman Abu Kharroub, IT Consultant, Commented:
It will work, but the question is: why do you have different domain names for the same org? One internally and one externally with different names?
Mohammed Khawaja, Manager - Infrastructure: Information Technology, Commented:
You should set up your DNS entries to something like as wildcard certificates work for entries such as * where * could be each division name.  If you are going with then you will require multiple SSL certificates, one for each division name.
csimmons1324, IT Manager, Author Commented:

Our legal name for the company is "XYZ, Inc."  However, we do not really use this name in the marketplace as it is simply the legal parent company name.  Everyone in the market knows us as "XYZ Systems."  Technically speaking, "XYZ Systems" is a division of "XYZ, Inc."  We also have another division "ABC Technologies."  Once again, this division falls under the "XYZ, Inc." parent company.  

We own the external domains, and  "ABC Technologies" sells a subset of the products of "XYZ Systems" and just targets a niche market.  Being a SMB...all of our sales guys and internal employees support both divisions.  So from an internal structure there is really no separation between the divisions.  Therefore, management made the decision that all of our email addresses will be as this is our largest division and the name we are known as in the market place.    

With all of that said, I made the decision to set up our internal domain as "" since it is our actual legal name.  As I stated above, management made the decision to use for all our company email addresses.  When I set up our new Exchange server I set all the virtual directories to be I did this for two reasons:

1.  This is the site that our current Exchange Server (set up by our previous IT person) uses so our employees are familiar with going to to check their email over the web.

2.  Seeing that our email addresses are all it makes the most sense for the users to go to to get their email.
csimmons1324, IT Manager, Author Commented:

I understand what you are saying and see the advantages there.  Using the naming convention in my last post...On the other hand, we pretty much use for everything.  If I buy a wildcard SSL certificate for * then I can use it in the following locations:

1. On our webserver to encrypt our backend admin login pages for our hosted website site.
2. I can use it on our internal email server.
3. Possibly on our IIS server for our outside sales guys to access our ERP portal.  I have yet to look into this so I am not entirely sure about this one.

Let's say I decide to go with setting up DNS entries to something like as you mentioned.  How would I set up an Alias within DNS for  When I create the alias, the FQDN is automatically set with the format aliasname.forwardlookupzone.  If I had forward lookup zones of, per your suggestion, then wouldn't my virtual directories for Exchange need to be set to so that I could set up the mail alias within DNS?

I hope that makes sense. As stated previously, I am pretty new to this stuff.
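
Added example, not part of any post in this thread: a sketch of the wildcard-matching rule TLS clients apply (RFC 6125), used to list which host names a given certificate would leave uncovered. All names are constructed placeholders (`example.com` for the mail domain, `example.net` for the internal AD domain, `exch01` for the server), since the thread's real domains are not shown.

```python
# Added example: constructed placeholder names, not the thread's domains.

def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def san_matches(pattern, host):
    """True if a certificate DNS name (optionally '*.'-prefixed) covers host.

    Rules as enforced by mainstream TLS clients (RFC 6125): the wildcard
    must be the whole leftmost label and stands for exactly one label.
    """
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h) or not h[0]:
        return False              # '*' never spans zero or several labels
    if p[0] == "*":
        if len(p) < 3:
            return False          # refuse patterns such as '*.com'
        return p[1:] == h[1:]
    return p == h

def uncovered(cert_names, hosts):
    """Return the hosts that no name on the certificate covers."""
    return [h for h in hosts
            if not any(san_matches(p, h) for p in cert_names)]

# Names a client might use to reach the Exchange services (constructed).
HOSTS = [
    "mail.example.com",            # OWA/ECP virtual directory host name
    "autodiscover.example.com",    # same level, covered by the wildcard
    "example.com",                 # bare domain: wildcard does not cover it
    "mail.division.example.com",   # two labels deep: not covered
    "exch01.example.net",          # server FQDN in the internal AD domain
]

WILDCARD_ONLY = ["*.example.com"]
WILDCARD_PLUS_APEX = ["*.example.com", "example.com"]

if __name__ == "__main__":
    print("wildcard only      :", uncovered(WILDCARD_ONLY, HOSTS))
    print("wildcard + apex SAN:", uncovered(WILDCARD_PLUS_APEX, HOSTS))
```

Any name that comes back uncovered produces a certificate warning if a client is pointed at it, so the virtual directory URLs need to stay on names the certificate lists.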
csimmons1324, IT Manager, Author Commented:
After setting up DNS with a new forward lookup zone for I realized that when I opened IE and went to it wouldn't resolve to our webhost.  I did some investigating and came across this article:

DNS now seems to resolve correctly as my internal users can visit and the website loads properly.  They can also go to and DNS resolves and they are able to access OWA.
