I have a question related to generating the CSR code for a new Exchange Certificate.
Let’s say in a migration process (one Exchange 2003 and one Exchange 2010 scenario) your “Domain name you use to access Outlook Web App internally” in the Client Access server configuration section is servername.child.domain.com while your OWA on the internet is mail.domain.com.
1- What should I put for “Hub Transport server” (Use mutual TLS to help secure Internet mail) FQDN of your connector? I put “mail.domain.com”.
I am asking this because by default, if I were to check “Use Hub Transport server for POP/IMAP client submission”, the FQDN of the connector turns out to be auto-filled as “child.domain.com,domain.com”. Is it how it is also supposed to be for the “Hub Transport server” (Use mutual TLS to help secure Internet mail) FQDN of your connector?
2- Even though I used the following while generating the code (with DigiCert):
a- Outlook Web App as “mail.domain.com”
b- ActiveSync as “mail.domain.com”
c- Autodiscover as “autodiscover.domain.com”
d- legacy as “legacy.motovan.com”
and the names on the certificate are:
Note: The server FQDN (servername.child.domain.com) and child.domain.com were not included on the cert.
the “security alert” window still managed to pop up for some internal users. I am pretty confused about why only some people are receiving it and not everyone. However, when I tried to load my own Outlook profile on a new VM, I received the same “security alert” warning, which I never received from my original PC after the certificate was installed, with a red cross at “The name on the security certificate is invalid or does not match the name of the site” referring to servername.child.domain.com.
DigiCert wants me to add the FQDN of the server to resolve the issue. Is there any other alternative, since I left the FQDN of the server out intentionally?
3- Should “child.domain.com” also be included on the certificate?
4- Am I missing DNS entries, or must extra configuration be done in IIS?
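
The name check behind the alert described in the post, as an added example that is not part of the original post: it compares the hostnames a client may connect to against a certificate's SAN entries, including the one-label wildcard rule. The SAN list is an assumption built from the names the poster requested (the post does not show the issued list), and the function names are hypothetical.

```python
# Added example: dNSName matching in the style of RFC 6125, one label per wildcard.
# CERT_SANS is an assumption built from the names requested in the post; the
# post's own list of names on the issued certificate is not shown.
CERT_SANS = ["mail.domain.com", "autodiscover.domain.com", "legacy.motovan.com"]

# Names a client could be directed to in the scenario described in the post.
CLIENT_TARGETS = [
    "mail.domain.com",
    "autodiscover.domain.com",
    "servername.child.domain.com",
    "child.domain.com",
]


def san_matches(hostname, san):
    """Return True if a single SAN dNSName entry covers hostname."""
    host = hostname.rstrip(".").lower().split(".")
    pattern = san.rstrip(".").lower().split(".")
    if len(host) != len(pattern):
        return False  # a wildcard stands for exactly one label
    if pattern[0] == "*":
        # Accept a wildcard only as the whole left-most label of a name
        # with at least three labels (so "*.com" never matches).
        return len(pattern) >= 3 and host[1:] == pattern[1:]
    return host == pattern


def uncovered(targets, sans):
    """Return the targets that no SAN entry covers, in input order."""
    return [t for t in targets if not any(san_matches(t, s) for s in sans)]


def report(targets, sans):
    """Build one status line per target for a quick pre-issuance review."""
    missing = set(uncovered(targets, sans))
    return ["%-30s %s" % (t, "MISMATCH" if t in missing else "ok") for t in targets]


if __name__ == "__main__":
    print("\n".join(report(CLIENT_TARGETS, CERT_SANS)))
```

Because a wildcard covers exactly one label, an entry such as `*.domain.com` would still leave servername.child.domain.com unmatched.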