SSL FQDN for Internal Exchange 2010 SP3 Server Question

Hello,
We currently have our SSL cert verifying connections to our local Exchange server. However, our domain is called company.local. So, by Nov. 1 we need to change this. We have a FQDN that currently points to our MX Logic Spam filter, which then dumps the email to our Exchange server. Is there a way to add that FQDN to the Exchange server so we can have a valid SSL cert? A local cert is not acceptable as we have some HIPAA compliance issues to deal with.
JesusFreak42 Asked:

Kash (2nd Line Engineer) Commented:
MX records should not make any difference to the certificate.

The certificate comes into question when accessing OWA, ActiveSync, etc.

If you are using a 3rd party certificate then all you need is to renew it if the FQDN is still the same.
David Johnson, CD, MVP (Owner) Commented:
You need to point the access points to a publicly available domain
external -- mydomain.net
internal -- mydomain.local

"A local cert is not acceptable as we have some HIPAA compliance issues to deal with." If you mean self-signed, then I partially agree with you, but if you have your own Certificate Authority you can then push the root CA public certificate to the domain computers into their trusted root provider store, and then you will be able to accept the certificate without any errors. There is absolutely no difference in the PKI methodology between a local CA and a public CA other than that the certificate is not included in the trusted root publishers store by default like the Hong Kong Post Office is.
JesusFreak42 (Author) Commented:
I am sorry. But I do not see either reply as fully helping me out here. I know that the MX records do not matter. Just trying to give info.

We have no cert authority. We are getting certs from GoDaddy.

What do I need to do to basically make the local Exchange server accept a cert for .com instead of .local?
David Johnson, CD, MVP (Owner) Commented:
Set-ClientAccessServer -Identity HostName -AutodiscoverServiceInternalUri https://mail.yourdomain.com/autodiscover/autodiscover.xml
Set-WebServicesVirtualDirectory -Identity "HostName\EWS (Default Web Site)" -InternalUrl https://mail.yourdomain.com/ews/exchange.asmx
Set-OABVirtualDirectory -Identity "HostName\oab (Default Web Site)" -InternalUrl https://mail.yourdomain.com/oab

Depending on Your Configuration, You May Need to Run Some Additional Commands:
Set-ActiveSyncVirtualDirectory -Identity "HostName\Microsoft-Server-ActiveSync (Default Web Site)" -InternalUrl https://mail.yourdomain.com/Microsoft-Server-ActiveSync
Set-OWAVirtualDirectory -Identity "HostName\owa (Default Web Site)" -InternalUrl https://mail.yourdomain.com/owa
Set-ECPVirtualDirectory -Identity "HostName\ecp (Default Web Site)" -InternalUrl https://mail.yourdomain.com/ecp
Set-OutlookAnywhere -Identity "HostName\Rpc (Default Web Site)" -InternalHostname mail.yourdomain.com -InternalClientsRequireSsl $true

Note: Depending on your configuration, the OutlookAnywhere setting might not be set up.
Recycle the IIS Application Pools
http://bit.ly/1IKjYS4
Jeff Glover (Sr. Systems Administrator) Commented:
The above works as long as you have Split Brain DNS in your organization.
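
An added example, not part of any post in this thread and not Microsoft's code: a PowerShell check that every internal URL set by the commands above uses a host name present on the certificate, and that none is left on a .local name. The URLs, the exch01 host name and the certificate name list are constructed sample values; the comments show which Exchange Management Shell properties hold the real ones.

```powershell
# Returns $true when $HostName is covered by one of the certificate's names.
function Test-NameCoveredByCert {
    param([string]$HostName, [string[]]$CertNames)
    foreach ($name in $CertNames) {
        if ($name -eq $HostName) { return $true }      # -eq ignores case for strings
        # A wildcard entry (*.example.com) covers exactly one extra left-most label.
        if ($name.StartsWith('*.')) {
            $suffix = $name.Substring(1)               # ".example.com"
            if ($HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
                $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                if ($label.Length -gt 0 -and -not $label.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

# Emits one object per service with the host name in its URL and a status.
function Get-InternalUrlCertReport {
    param([hashtable]$InternalUrls, [string[]]$CertNames)
    foreach ($service in $InternalUrls.Keys) {
        $urlHost = ([Uri]$InternalUrls[$service]).Host
        $status = 'OK'
        if (-not (Test-NameCoveredByCert -HostName $urlHost -CertNames $CertNames)) {
            $status = 'NOT ON CERT'
        }
        # A public CA cannot issue for .local, so this URL must be changed.
        if ($urlHost -like '*.local') { $status = 'INTERNAL-ONLY NAME' }
        New-Object PSObject -Property @{ Service = $service; HostName = $urlHost; Status = $status }
    }
}

# Constructed sample values. On the server, read the real ones with, for example:
#   (Get-ClientAccessServer).AutoDiscoverServiceInternalUri
#   (Get-WebServicesVirtualDirectory).InternalUrl
#   (Get-ExchangeCertificate | Where-Object { $_.Services -match 'IIS' }).CertificateDomains
$urls = @{
    Autodiscover = 'https://mail.yourdomain.com/autodiscover/autodiscover.xml'
    EWS          = 'https://mail.yourdomain.com/ews/exchange.asmx'
    OAB          = 'https://exch01.company.local/oab'   # constructed: still on the old name
}
$certNames = @('mail.yourdomain.com', 'autodiscover.yourdomain.com')

Get-InternalUrlCertReport -InternalUrls $urls -CertNames $certNames |
    Sort-Object Service | Format-Table Service, HostName, Status -AutoSize
```

With the sample values, Autodiscover and EWS report OK and OAB reports INTERNAL-ONLY NAME.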

JesusFreak42 (Author) Commented:
Thanks for the help. We ended up moving to 365.