Certification Issue
Hello Gents,
I am having what I feel to be a very basic issue. After going through the first 6 pages of numerous Google searches, I can't seem to find a solution. I found this: http://exchangeserverpro.com/ssl-requirements-for-exchange-when-certificate-authorities-wont-issue-certificate/
which explains my issue exactly.
I am using GoDaddy and trying to get my .local to appear on the certificate. As of right now Test-ExchangeWebServices fails due to inaccurate certificate. My external OWA works, but things like offline contacts and OAB don't function. I am getting login prompts randomly when these tasks attempt connection. It has to be the autodiscovery pointing to the wrong location or due to the certificate being wrong.
Is there any guide that shows how to create the certificate (SAN) with the .local? I tried how I would with autodiscover.company.com and mail.company.com, but when it comes to the .local GoDaddy doesn't seem to register it and it does not appear in the SAN list.
Thoughts?
September 19th, 2013 3:09pm
It is not likely that any public CA will allow you to request a certificate with a .local domain name. And even if they let you do it, how would you access the domain name .local from the Internet? If you must have a .local domain in the certificate, I advise that you deploy an internal CA and issue the certificate. Alternatively, use the regular public domain name (such as .com, .org or similar) and you can get a certificate from any public CA.
September 22nd, 2013 11:12am
Yes, the recommendation is to use split DNS. That way you can have different DNS zones for internal and external. Your users will use the same names inside and out, but they will resolve to different IPs, public or private.
Users now have to remember one name for OWA, and that saves confusion, which is good!
September 22nd, 2013 11:40pm
Thank you for your reply. How do you apply two certificates though? It seems when I apply one, the other removes itself. I was able to create the external and apply and it seems to work. But OAB and such do not function, and when I run the internal test it fails.
Is there a guide to recreate the local certificate as I believe I deleted it?
September 23rd, 2013 11:39am
Can this be done without TMG or a load balancer?
September 23rd, 2013 11:39am
Hi,
About whether we can get a .local name certificate from GoDaddy, please contact GoDaddy support for more information.
If the .local name is not included within the certificate in the internal communication environment, we can change the InternalURL (.local) to match the certificate name (.com) to resolve the certificate issue, just like:
Set-OABVirtualDirectory -Identity "CAS_Server_name\oab (Default Web Site)" -InternalUrl https://mail.contoso.com/oab
About how to change InternalURL, we can refer to:
http://support.microsoft.com/kb/940726/en-us
Thanks,
Winnie
September 24th, 2013 12:37am
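An added example, not part of the thread: after changing the InternalUrl values as described in the last reply, this Exchange Management Shell sketch lists each internal URL and the Autodiscover SCP and reports whether its host name is covered by the names on the certificate enabled for IIS. The helper name Test-NameCovered is hypothetical, and the script assumes each CertificateDomains entry converts to a plain host name string.

```powershell
# Added example. Returns $true when $HostName is covered by one of the
# certificate names. A wildcard (*.contoso.com) covers exactly one extra label.
function Test-NameCovered {
    param([string]$HostName, [string[]]$CertNames)
    foreach ($name in $CertNames) {
        if ($name -ieq $HostName) { return $true }
        if ($name.StartsWith('*.')) {
            $suffix = $name.Substring(1)   # e.g. ".contoso.com"
            if ($HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
                $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                if ($label -and $label -notmatch '\.') { return $true }
            }
        }
    }
    return $false
}

# Names on the unexpired certificate(s) currently enabled for IIS.
# Assumption: each CertificateDomains entry stringifies to its host name.
$certNames = @(Get-ExchangeCertificate |
    Where-Object { "$($_.Services)" -match 'IIS' -and $_.NotAfter -gt (Get-Date) } |
    ForEach-Object { $_.CertificateDomains | ForEach-Object { "$_" } })

# Collect the Autodiscover SCP and the InternalUrl of each virtual directory.
$rows = @()
$rows += Get-ClientAccessServer | Select-Object `
    @{n='Source';e={"Autodiscover SCP on $($_.Name)"}},
    @{n='Url';e={"$($_.AutoDiscoverServiceInternalUri)"}}
$getters = 'Get-OabVirtualDirectory', 'Get-WebServicesVirtualDirectory',
           'Get-OwaVirtualDirectory', 'Get-EcpVirtualDirectory',
           'Get-ActiveSyncVirtualDirectory'
foreach ($cmd in $getters) {
    $rows += & $cmd | Select-Object `
        @{n='Source';e={"$($_.Identity)"}},
        @{n='Url';e={"$($_.InternalUrl)"}}
}

# Any row with Covered = False will produce certificate warnings or prompts
# for internal clients until the URL or the certificate is changed.
$rows | Where-Object { $_.Url } | Select-Object Source,
    @{n='Host';e={([uri]$_.Url).Host}},
    @{n='Covered';e={ Test-NameCovered ([uri]$_.Url).Host $certNames }} |
    Format-Table -AutoSize
```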