Reconfiguring Exchange server to fully qualified domain name

I have an Exchange server 2010 with OWA and Activesync services. My local domain is abcd.local and my email server is
I must apply the new SSL certificate by this Friday (previous SSL will expire this weekend). I purchased a 3 year SSL certificate, but facing a dilemma because because of the PHASING OUT THE INTRANET AND IP ADDRESSES IN SSLs.
I did check out the following link:
but really really I do not know how to proceed.  I do not want to change my local Domain name, because I have some other servers, like MS SQL server on this domain.
Please advise ASAP, and help me to start the process I must accomplish before I run out of time.
P.S. I only need the SSL certificate for my Exchange server, and nothing else.

Jay555IT DirectorAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Seth SimmonsSr. Systems AdministratorCommented:
you need to setup split dns and configure your exchange URLs to use the .org suffix as stated in the godaddy article you cited

Windows - Setting Up Split DNS

this will keep your .local for your other services but use the .org suffix internally to match the certificate

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Jay555IT DirectorAuthor Commented:
Thank you Seth.
The current SSL Certificate will expire this weekend, and I purchased new SSL Certificate from GoDaddy but have not installed it yet.
I need to CREATE A NEW CSR from my Exchange server and post it on GoDaddy .
With all said, do I need to run the shell commands from the goDaddy article? is our web site on an external web host provider. I should mention that I used the option 1 of the directions in the link you provided me.

Seth SimmonsSr. Systems AdministratorCommented:
use this to take care of the cert renewal

Renew GoDaddy UCC SSL Certificate for Exchange 2010

do I need to run the shell commands from the goDaddy article?

yes, need to change the url so that it matches the cert
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

Jay555IT DirectorAuthor Commented:
sorry to bother you again,

1- should I run the shell command with current SSL Certificate expiring this weekend?
2- Should I run the shell command before creating CSR?
3- I am assuming "Your_Server_Name" is exact name of the Exchange server computer.
Seth SimmonsSr. Systems AdministratorCommented:
you can run the shell command at the same time when you install the certificate

yes, if your exchange server is then use that for the URLs and certificate SANs
Jay555IT DirectorAuthor Commented:
1- my understanding of the instruction is to use WEBMAIL.XYZ.ORG as FQDN not as Host name("your_Server_Name"). I was guessing to use the actual name of the computer, the EXCH-MAIL, the real name of the server.
2- I did not create new CSR to submit it to GoDaddy yet. Can I create it before running the shell commands?
Seth SimmonsSr. Systems AdministratorCommented:
sorry...yes, where it says your_server_name for those powershell commands, use the server name (mail or whatever it is)  the fqdn is for the url portion of the command

and yes, you can create the csr any time
the new certificate and URL changes should be done at the same time else users will get a certificate error because the host names don't match the certificate
Jay555IT DirectorAuthor Commented:
Good morning Seth,

I downloaded the new SSL certificate for the exchange. Should I run the Shell command before installing this certificate, or after?


Seth SimmonsSr. Systems AdministratorCommented:
doesn't matter the order
Jay555IT DirectorAuthor Commented:
Hi Seth,

I applied the new Certificate about 1 hour ago, to my Exchange server, but haven't run the shell command yet.  I guess because my exchange server was set up as under the old SSL, the staff from inside and outside of the organization are using OWA, and Mobile email services without any difficulties.
The Certificate warning is coming up are on regular Outlook running on the computer on Local Area Network.
do I need to run
Set-ClientAccessServer ...
Set-WebServicesVirtualDirectory ...
Do these commands fix the security question for internal users?

Seth SimmonsSr. Systems AdministratorCommented:
what is the certificate warning for? mismatched host name?
Jay555IT DirectorAuthor Commented:
The users on the LAN was getting Security warning when tried Outlook 2010. But Actvivesync and OWA services were working properly.
Yesterday afternoon I ran the 3 Shell Commands, everything is working well now.

Thank you so much for your wonderful responses.

Jay555IT DirectorAuthor Commented:
Seth helped me and answered each and every questions I posted, and I was able to move forward with minimum stress.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.