JesusFreak42
asked on
SSL FQDN for Internal Exchange 2010 SP3 Server Question
Hello,
We currently have our SSL cert verifying connections to our local Exchange server. However, our domain is called company.local. So, by Nov. 1 we need to change this. We have a FQDN that currently points to our MX Logic spam filter, which then dumps the email to our Exchange server. Is there a way to add that FQDN to the Exchange server so we can have a valid SSL cert? A local cert is not acceptable as we have some HIPAA compliance issues to deal with.
You need to point the access points to a publicly available domain:
external -- mydomain.net
internal -- mydomain.local
"A local cert is not acceptable as we have some HIPAA compliance issues to deal with."
If you mean self-signed, then I partially agree with you, but if you have your own Certificate Authority you can push the root CA public certificate to the domain computers, into their trusted root provider store, and then you will be able to accept the certificate without any errors. There is absolutely no difference in the PKI methodology between a local CA and a public CA, other than that the certificate is not included in the trusted root publishers store by default, like the Hong Kong Post Office is.
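The change the replies above point at, written out as an added example that is not part of the original thread: repoint the Exchange 2010 internal client URLs at the public FQDN so a publicly issued certificate matches them. The server name `EXCH01` and host name `mail.company.com` are placeholders, and the script assumes internal DNS already resolves the public name to the Exchange server.

```powershell
# Added example for the Exchange Management Shell on Exchange 2010.
# $Server and $Fqdn are hypothetical placeholders, not values from the thread.
$Server = 'EXCH01'             # Client Access server to reconfigure
$Fqdn   = 'mail.company.com'   # public name listed on the purchased certificate

# Assumption: internal (split) DNS resolves $Fqdn to this server.

# 1. Confirm which names the installed certificates cover and which services use them.
Get-ExchangeCertificate -Server $Server |
    Format-List Subject, CertificateDomains, Services, NotAfter

# 2. Autodiscover URL handed to domain-joined Outlook clients.
Set-ClientAccessServer -Identity $Server `
    -AutoDiscoverServiceInternalUri "https://$Fqdn/Autodiscover/Autodiscover.xml"

# 3. Internal URLs of the client-facing virtual directories.
Get-WebServicesVirtualDirectory -Server $Server |
    Set-WebServicesVirtualDirectory -InternalUrl "https://$Fqdn/EWS/Exchange.asmx"
Get-OabVirtualDirectory -Server $Server |
    Set-OabVirtualDirectory -InternalUrl "https://$Fqdn/OAB"
Get-OwaVirtualDirectory -Server $Server |
    Set-OwaVirtualDirectory -InternalUrl "https://$Fqdn/owa"
Get-EcpVirtualDirectory -Server $Server |
    Set-EcpVirtualDirectory -InternalUrl "https://$Fqdn/ecp"
Get-ActiveSyncVirtualDirectory -Server $Server |
    Set-ActiveSyncVirtualDirectory -InternalUrl "https://$Fqdn/Microsoft-Server-ActiveSync"

# 4. Verify: list any internal URL that still points at a .local host.
$urls = @(
    (Get-ClientAccessServer -Identity $Server).AutoDiscoverServiceInternalUri
    (Get-WebServicesVirtualDirectory -Server $Server).InternalUrl
    (Get-OabVirtualDirectory -Server $Server).InternalUrl
    (Get-OwaVirtualDirectory -Server $Server).InternalUrl
    (Get-EcpVirtualDirectory -Server $Server).InternalUrl
    (Get-ActiveSyncVirtualDirectory -Server $Server).InternalUrl
)
$leftover = $urls | Where-Object { "$_" -match '\.local(/|:|$)' }
if ($leftover) {
    Write-Warning "Still referencing .local:"
    $leftover | ForEach-Object { "  $_" }
} else {
    "All checked internal URLs use $Fqdn"
}
```

The Active Directory domain itself stays company.local; only the names that clients connect to, and that the certificate must match, change.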
ASKER
I am sorry. But I do not see either reply as fully helping me out here. I know that the MX records do not matter. Just trying to give info.
We have no cert authority. We are getting certs from GoDaddy.
What do I need to do to basically make the local Exchange server accept a cert for .com instead of .local?
ASKER
Thanks for the help. We ended up moving to 365.
The certificate comes into question when accessing OWA, ActiveSync, etc.
If you are using a 3rd-party certificate, then all you need is to renew it if the FQDN is still the same.