SBS 2011 & New SSL Cert

Our current GoDaddy SSL certificate will expire soon, and now I need to order a new one.  I have a question about the Subject Alternative Names.  Right now we have remote.domainname.com, www.remote.domainname.com, domainname.com, and the internal name SRV1.internaldomainname.local.

So when I place the order for a new certificate with the above alternative names excluding the .local, and when I install it will it affect connectivity with office outlook clients? I just want to make sure everything remains working fine after installing a new ssl cert without the .local included. Everything on the outside relies upon the remote.domainname.com (owa, outlook rpc, remote workplace, activesync, etc.).

Current Subject Alternate Names
cmp119, IT Manager, Asked:

systechadmin, Consultant, Commented:
Hi, better keep that name in the certificate. It might prompt the cert warnings to the user.
cmp119, IT Manager, Author, Commented:
SSL certs will no longer issue names with .local, so that is why I ask. I am sure other people have gone through this, and know if this is a problem or not. If it is, what is a workaround?
systechadmin, Consultant, Commented:
What version of Exchange are you using? And yes, SAN certificates provide that facility.

cmp119, IT Manager, Author, Commented:
SBS 2011 comes with Exchange 2010.
Shreedhar Ette Commented:
Hi CMP11,

Yes, you are correct: .local name certificates will not be issued going forward.

Please execute the commands below to make sure nothing is pointing to servername.domainname.local:


Get-AutodiscoverVirtualDirectory | ft Identity,InternalURL,ExternalUrl
 
Get-webservicesVirtualDirectory | ft Identity,InternalURL,ExternalUrl
 
Get-OabVirtualDirectory | ft Identity,InternalURL,ExternalUrl
 
Get-OwaVirtualDirectory | ft Identity,InternalURL,ExternalUrl
 
Get-EcpVirtualDirectory | ft Identity,InternalURL,ExternalUrl
 
Get-ActiveSyncVirtualDirectory | ft Identity,InternalURL,ExternalUrl

If anything is pointing to .local, then modify it and point it to remote.domain.com.

Also verify your AutodiscoverUri is not pointing to .local; execute the command below to find out:
Get-ClientAccessServer | fl
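
The checks from the answer above folded into one pass, as an added example that is not part of the original thread: it gathers every URL those cmdlets report and flags any host name that ends in .local or is missing from the planned certificate. `$PlannedNames` and the status labels are assumptions made for illustration; `Get-ExchangeCertificate` is a standard Exchange cmdlet that the thread does not mention.

```powershell
# Added example, not from the thread. Run in the Exchange Management Shell
# on the server (written for PowerShell 2.0, as shipped with SBS 2011).
# ASSUMPTION: $PlannedNames lists the names on the certificate being ordered.
$PlannedNames = @('remote.domainname.com', 'autodiscover.domainname.com')

# The six virtual-directory cmdlets from the answer above.
$cmdlets = 'Get-AutodiscoverVirtualDirectory', 'Get-WebServicesVirtualDirectory',
           'Get-OabVirtualDirectory', 'Get-OwaVirtualDirectory',
           'Get-EcpVirtualDirectory', 'Get-ActiveSyncVirtualDirectory'

# Collect every non-empty InternalUrl / ExternalUrl as one flat list.
$found = @(foreach ($c in $cmdlets) {
    foreach ($vdir in @(& $c)) {
        foreach ($prop in 'InternalUrl', 'ExternalUrl') {
            $url = [string]$vdir.$prop
            if ($url) {
                New-Object PSObject -Property @{
                    Source = "$c ($($vdir.Identity))"; Setting = $prop; Url = $url }
            }
        }
    }
})

# Add the Autodiscover service connection point URI published by each CAS.
$found += @(Get-ClientAccessServer | ForEach-Object {
    New-Object PSObject -Property @{
        Source  = "Get-ClientAccessServer ($($_.Name))"
        Setting = 'AutoDiscoverServiceInternalUri'
        Url     = [string]$_.AutoDiscoverServiceInternalUri }
} | Where-Object { $_.Url })

# Classify each host name against the planned certificate names.
$report = $found | ForEach-Object {
    $h = ([uri]$_.Url).Host
    if ($h -like '*.local')             { $status = 'INTERNAL-ONLY NAME' }
    elseif ($PlannedNames -contains $h) { $status = 'ok' }
    else                                { $status = 'NOT ON PLANNED CERT' }
    $_ | Add-Member NoteProperty HostName $h -PassThru |
         Add-Member NoteProperty Status $status -PassThru
}
$report | Sort-Object Status | Format-Table Status, HostName, Setting, Source -AutoSize

# For comparison: names and expiry of the certificate currently bound to IIS.
Get-ExchangeCertificate | Where-Object { $_.Services -match 'IIS' } |
    Format-List Subject, CertificateDomains, NotAfter
```

Any row whose status is not `ok` names a URL that clients would reach under a host name the new certificate does not cover, which is where Outlook certificate warnings come from.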
Simon Butler (Sembee), Consultant, Commented:
As this is SBS, you need to ignore the posts above, which are for the full product.
As long as the server was set up with the wizards, then all of the relevant changes have been made for you.
Just get the new certificate with remote.example.com as the common name, and Autodiscover.example.com as an additional name. No other names required. Complete the SSL request in Exchange, then run the SSL certificate wizard in the management console to complete the installation using an existing certificate. SBS does everything else for you.

Simon.

cmp119, IT Manager, Author, Commented:
I ran all of the commands. They all point to "https://remote.domainname.com/". I am not sure about the last command "Get-ClientAccessServer | fl" output though. I see the AutoDiscoverServiceInternalURI does point to "https://remote.domainname.com/", so I think it's fine as well.

So, if you believe all the commands I ran indicate we are good to obtain and install a new SSL certificate for remote.domainname.com, www.remote.domainname.com, and domainname.com. That's what we have now without the .local name, and it all has been working fine. I just want to make sure all Outlook clients don't have connectivity issues. When possible, please let me know. Thanks Shreedhar.

commandoutput.txt
cmp119, IT Manager, Author, Commented:
Thanks for your feedback Simon.  I ran the commands anyway, and they all point to remote.domainname.com anyways.  I was not sure about the autodiscover.domainname.com additional name.  I will place the order shortly, and follow the steps indicated.
cmp119, IT Manager, Author, Commented:
Sembee -  I acquired the SSL Cert and installed it as suggested, and it appears to work fine.  However, I noticed http://remote.domainname.com/OWA does not work outside the office.  I can access the email by logging onto the remote workplace first, and then access email though.  I also noticed running the following command on the server https://127.0.0.1/OWA does not work either.  I do not believe the SSL cert is the issue.
Simon Butler (Sembee), Consultant, Commented:
If it works through RWW, then it should work directly.
The first thing to always do with errors on an SBS Server is run the fix my network wizard in the SBS console. See what that flags and correct.

Simon.
cmp119, IT Manager, Author, Commented:
Sorry for the severe delay responding. Sembee, thanks for helping with this issue. The cert is installed and all is working fine with the exception of OWA not working internally or externally. As stated before, we can log on to the remote workplace, and then access email via the supplied email link, but accessing OWA does not work. I will open another question to get help with this separate matter. I also have not tried running fix my network yet either.
cmp119, IT Manager, Author, Commented:
Thank you Sembee!