htsitguy
 asked on

Exchange 2010 certificate issue after CA no longer supports internal names

Hi,

I have an Exchange 2010 environment which until yesterday was working fine, but now the CA no longer supports internalname.local.

I have re-issued the certificate, which works fine externally for www.mail.domainname.com, but local Outlook clients are complaining that mailservername.local isn't trusted, which it isn't anymore.

My AD is configured as domain.local and not companyname.com

Could do with help resolving this. Any ideas?

Thanks
Exchange

Last Comment
M A

8/22/2022 - Mon
Nadav Solomon

ASKER CERTIFIED SOLUTION
M A

jerseysam

There is a great tool here you can use to help you:

https://www.digicert.com/internal-domain-name-tool.htm
ET Support

Hi,

You can solve this by changing the OWA, ECP, EWS and Outlook Anywhere URLs to an FQDN of your valid domain name (mail.domainname.com).
Ivan

Hi,

You should create a new DNS zone on your internal DNS; make it domainname.com (public name).
In it, then create a CNAME that will point mail.domainname.com --> to your Exchange.
Change all services' internal URLs to match mail.domainname.com instead of mail.domainname.local.

That means OWA, ECP, ActiveSync, EWS, etc... all of what people already wrote in posts before.
Server Configuration --> Client Access --> select and edit service

Regards,
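
The internal URL change that ET Support and Ivan describe, as an added Exchange Management Shell example (not part of any post in this thread). It assumes the public name `mail.domainname.com` from the thread is on the re-issued certificate and resolves internally; the OAB URL and the Autodiscover SCP value go beyond the services named above, and the final loop checks each internal host name against the certificate bound to IIS.

```powershell
# Added example: run in the Exchange Management Shell on Exchange 2010.
# $PublicName is the thread's placeholder; use the name on your re-issued certificate.
$PublicName = 'mail.domainname.com'
$Base = "https://$PublicName"

foreach ($cas in Get-ClientAccessServer) {
    $s = $cas.Name

    # Point every internal URL at the public FQDN.
    Get-OwaVirtualDirectory -Server $s | Set-OwaVirtualDirectory -InternalUrl "$Base/owa"
    Get-EcpVirtualDirectory -Server $s | Set-EcpVirtualDirectory -InternalUrl "$Base/ecp"
    Get-WebServicesVirtualDirectory -Server $s | Set-WebServicesVirtualDirectory -InternalUrl "$Base/EWS/Exchange.asmx"
    Get-ActiveSyncVirtualDirectory -Server $s | Set-ActiveSyncVirtualDirectory -InternalUrl "$Base/Microsoft-Server-ActiveSync"
    Get-OabVirtualDirectory -Server $s | Set-OabVirtualDirectory -InternalUrl "$Base/OAB"

    # Domain-joined Outlook clients locate Autodiscover through this SCP value.
    Set-ClientAccessServer -Identity $s -AutoDiscoverServiceInternalUri "$Base/Autodiscover/Autodiscover.xml"

    # Read the settings back and collect the host names clients will connect to.
    $vdirs = @(
        Get-OwaVirtualDirectory -Server $s
        Get-EcpVirtualDirectory -Server $s
        Get-WebServicesVirtualDirectory -Server $s
        Get-ActiveSyncVirtualDirectory -Server $s
        Get-OabVirtualDirectory -Server $s
    )
    $uris = @($vdirs | ForEach-Object { $_.InternalUrl })
    $uris += (Get-ClientAccessServer -Identity $s).AutoDiscoverServiceInternalUri
    $hosts = $uris | ForEach-Object { ([uri]"$_").Host } | Sort-Object -Unique

    # Names on the certificate(s) enabled for IIS on this server.
    $names = Get-ExchangeCertificate -Server $s |
        Where-Object { $_.Services -match 'IIS' } |
        ForEach-Object { $_.CertificateDomains } |
        ForEach-Object { "$_" }

    foreach ($h in $hosts) {
        # -like also accepts wildcard entries such as *.domainname.com (approximate match).
        $ok = [bool]($names | Where-Object { $h -like $_ })
        '{0}: {1} covered by IIS certificate = {2}' -f $s, $h, $ok
    }
}
```

Any line reporting `False` names a host that Outlook would still flag as untrusted.
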
htsitguy

ASKER
Thanks for your comments. I had to create a subdomain, i.e. mail.companyname.com, on my internal DNS and point it to the local Exchange servers, as internally PCs couldn't ping the external autodiscover address.

Happy to share point regardless
M A

Thanks for sharing.
I explained the same in my article which is posted above.