In a similar scenario as
I have three Exch2010 servers using mail[1-3].contoso.local as FQDN. They are serving internal and external clients.
Our current SSL cert has several SANs, covering contoso.com and contoso.local, but it's going to expire soon. We now have a new *.contoso.com certificate to cover our external clients + autodiscover, but nothing for local. After setting it up, some internal clients started to receive an SSL warning (of course, they are connecting to contoso.local and the cert is for contoso.com).
1. What could be the impact on the traffic between the three mail[1-3] servers if there is no .local cert available? (They all know each other as .local.)
2. We have a split DNS setting, and we have mail.contoso.com pointing to one of the internal IPs of one of our contoso.local. I know most of our internal clients are pointing to mail.contoso.local for the Exchange server. I want to get rid of mail.contoso.local in Outlook users and replace it with mail.contoso.com.
2.1 Can this be reconfigured just by setting a proper internal autodiscovery?
2.2 Must I go client by client reconfiguring the email account?
2.3 Should I point all InternalURI to contoso.com? (They are now pointing to contoso.local.)