asked on how to change FQDN or other options to fix SSL certificate
I've been notified by Godaddy that I need to change our SSL certificate from a common name to a FQDN before Sep 28. Right now my SSL is for uxxxxx.net and my FQDN is uxxxxx.int.
My functional level for the domain is 2008 R2. I'm not the best with this kind of change and am uncertain what to do. Do I have any options other than renaming my FQDN? If not, how do I rename it? What else needs to be done? Will that change automatically filter to all the other servers? I had been told by a vendor previously that this is a difficult change to make so I'm basing my hesitation on that conversation. If it has to be done, I want to make sure I cover all my bases before doing it.
My functional level for the domain is 2008 R2. I'm not the best with this kind of change and am uncertain what to do. Do I have any options other than renaming my FQDN? If not, how do I rename it? What else needs to be done? Will that change automatically filter to all the other servers? I had been told by a vendor previously that this is a difficult change to make so I'm basing my hesitation on that conversation. If it has to be done, I want to make sure I cover all my bases before doing it.
SSL / HTTPSExchange
Last Comment
cindyfiller
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
This sounds more complicated than I can handle, based on your comments... I'm not sure if I need a certificate internally for anything... and the only thing I use the external SSL for is our webmail. I don't suppose it is as easy as dropping the .net off the certificate? I'm leaning more towards hiring someone to do this but want to do a bit more research first.
You can certainly create a new cert request and not include the internal FQDN names (i.e. .local, .int, .ad, etc.)
However, if the Exchange internal URLs are set with .int (or any other non-routable FQDN) you will need to update those URLs to something that is in your certificate.
However, if the Exchange internal URLs are set with .int (or any other non-routable FQDN) you will need to update those URLs to something that is in your certificate.
If you are using the digital certificate for Exchange it makes it more clear. And in that case the solution is to follow the path specified by Todd.
ASKER
Someone else at Godaddy sent me instructions they have for accomplishing what I need to do. It seems like it is much less severe than what I originally thought. Can you look at this article and see if it straight forward or do I need to additional steps as outline above? The vendor I wanted to contract with still hasn't replied to me so it is looking more like I may have to do this.
https://www.godaddy.com/help/reconfiguring-microsoft-exchange-server-to-use-a-fully-qualified-domain-name-6281?v=1
https://www.godaddy.com/help/reconfiguring-microsoft-exchange-server-to-use-a-fully-qualified-domain-name-6281?v=1
What GoDaddy provided you is more or less what is documented in the links I provided. It's not difficult.
Digicert has a tool to do it--and reverse the settings if needed ... https://www.digicert.com/internal-domain-name-tool.htm
Digicert has a tool to do it--and reverse the settings if needed ... https://www.digicert.com/internal-domain-name-tool.htm
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.