Certificate for exchange 2010 server question

We currenlty have a certificate that is getting ready to expire. Our domain name is in this format:
So since the .local is not allowed any longer in the certificate, I found a link on how to change the exchange autodiscover, etc items that need to be changed to the internal urls to be the same as the external urls.
Our cert now has the 2 exch server names in it like this:
Do I even need to have these as part of my certificate since I have to remove them because of the .local
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Seth SimmonsSr. Systems AdministratorCommented:
get a new cert specifying only the external fqdn you are using (server.domain.com or whatever the public suffix is)

also need to configure split dns so that internal users can access the external server name(s)

Windows - Setting Up Split DNS

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
vmichAuthor Commented:
We have the split dns setup because I can ping the external url from inside and it responds to the exchange server and also if I ping the external url from the outsdie, it responds to th external ip of the exchange server.
But as i mentioned the domain name is domain
So that is a .local which the cert has the 2 exchn servers in it which are server1.domain and server2.domain
So do I need these in the exchange cert?
Simon Butler (Sembee)ConsultantCommented:
You cannot put a raw domain (ie one without a suffix) on the SSL certificate. That simply isn't allowed.

In simple terms, all names on the SSL certificate MUST resolve on the internet. host.domain would not resolve, so wouldn't be allowed.

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

vmichAuthor Commented:
My question is will it be an issue if I leave off the 2 servers names.domain since there domain name now is still a .local domain name since the certificate companies dont allow the .local names on the certs?
Meaning will it affect exchange at all?
Simon Butler (Sembee)ConsultantCommented:
Exchange doesn't care.
As long as you change all of the host names within Exchange to use your public host name, then you will be fine.

vmichAuthor Commented:
Yes I will be changing all of the internal urls to match the external urls and all of the virtual directories...
vmichAuthor Commented:
new cert
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.