Hi, We're using Exchange 2007 SP3, update roll up 6. My old SAN certificate expired and I didn't bother to renew as I had a new wildcard certificate on our TMG2010 that I exported and used on the Exchange server. This works fine externally however it has caused issues with internal clients getting a security warning saying the certificate isn't trusted. We publish our Exchange server via DNS but we have split DNS so that internal clients don't have to go re-authenticate their credentials when opening e-mail. They simply browse to https://server/owa and it takes them straight into OWA. The SAN certificate had just the server name whereas the wildcard needs the domain name as part of the URL. What's the easiest way to change the internal URL to the FQDN https://server.domain/owa as I want to be able to browse to https://server.domain/owa without having to re-type in user credentials that I've just logged onto the PC with. Thanks in advance

You have two problems, not one. The DNS domain you use for your websites have nothing to do with whether users have to authenticate. What matters is the authentication method accepted by the service, which in this case is Windows Authentication. Your second problem is that you have a wildcard certificate that doesn't match the NetBIOS name of the computer. I don't have a real good answer for how you'd redirect http(s)://server/owa to https://server.domain/owa. You could put in a redirect for your default web site that would redirect http(s)://server to https://server.domain/owa, though.Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

Hello, Or you can re-new a SAN certificate as for a recommended solution. Thanks, Simon