I recently had to update my SSL certificate through GoDaddy.com but after doing so my user are getting a security alert. I know this is for my .local SSL certificate. I'm being told I need to reconfigure my Exchange Server 2010 to use a FQDN but the step they sent me are a little confusing plus I need to add a host A record in the DNS to map the FQDN. My wemail is working with the new SSL because it already has a FQDN.
Do I need to create a new Forward Lookup Zone as a .org and then add the Host (A) record of the exchange servers IP address to that zone?
Will this mess with the DNS on my .local?
Instruction to resolve the FQDN issue, change the URLs for the appropriate Exchange 2007 or 2010 components. To do this, follow these steps:
Note This resolution has to be applied by an administrator. If you are not the administrator, contact your administrator.
1. Start the Exchange Management Shell.
2. Change the Autodiscover URL in the Service Connection Point. The Service Connection Point is stored in the Active Directory directory service. To change this URL, type the following command, and then press Enter:
Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceIntern
3. Change the InternalUrl attribute of the EWS. To do this, type the following command, and then press Enter:
ctory -Identity "CAS_Server_Name\EWS (Default Web Site)" -InternalUrl
4. Change the InternalUrl attribute for Web-based Offline Address Book distribution. To do this, type the following command, and then press Enter:
Set-OABVirtualDirectory -Identity "CAS_Server_name\oab (Default Web Site)" -InternalUrl
5. Change the InternalUrl attribute of the UM Web service. To do this, type the following command, and then press Enter:
Set-UMVirtualDirectory -Identity "CAS_Server_Name\unifiedme
ssaging (Default Web Site)" -InternalUrl
Note This command is required only in an Exchange 2007 environment. This command no longer exists in an Exchange 2010 environment. Instead, the WebServices URL is used for this purpose. Therefore, if you are using Exchange 2010, you can skip this step, as the WebServices URL should have been changed in step 3.
6. Open IIS Manager. For more information about how to do this, see How to: Open IIS Manager.
7. Expand the local computer, and then expand Application Pools.
8. Right-click MSExchangeAutodiscoverAppP
ool, and then click Recycle.
These steps assume that a host record exists in the DNS to map the FQDN that you specify to the IP address of the CAS server. For example, consider the following scenario:
The original internal URLs for the Exchange components point to the internal FQDN of the server. For example, one of these URLs points to the following: https://ServerName.contoso.com/ews/exchange.asmx
The FQDN that is specified on the certificate points to the externally accessed host name of the server. For example, the certificate specifies an FQDN, such as "mail.contoso.com." In this scenario, you must add a host record for the mail host name that is mapped to the internally accessed IP address of the CAS server to let internal clients access the server.
I want to make this is correct and that it will not down my users. Or could I just remove the local certificate from the exchange server, will this resolve the security alert? What would be the best course of action for me to take?