Exchange 2013 - CA certificate - internal and external domain

Please advise on this:

We have an internal domain xyz.lan and external domain abc.net. The Exchange server's FQDN is ec1.xyz.lan and is set up to use mail.abc.net for Outlook Anywhere. We have a few additional accepted domains, e.g. def.net, configured. All mailboxes have the xyz.lan domain configured by default as an alias.

Internally things work fine but we have reached the point where we need external access configured, especially for ActiveSync. Thus we are looking at getting a CA certificate. We need these different domains to work, but I'm unsure what all to include in the certificate because of the internal and external domains being different. Additionally it now seems to be a problem to register internal domains by using a CA. Can one somehow get the certificate to additionally work with Lync as well?

All advice is greatly appreciated.

June 7th, 2013 8:57pm

Are you using SSL on the internal hostnames?

You need:

External Hostname
Internal Hostname (If using SSL)
Autodiscover.domainname.com.... for each domain

June 7th, 2013 10:31pm

Thanks for the response.

Currently I'm using self-signed certificates. My worry is that internal domains like .local won't be able to register anymore. So I would have:

mail.external.net

internal.lan (unregisterable) ?

autodiscover.external1.com

autodiscover.external2.com

Is there an easy way around this internal domain?

June 8th, 2013 1:07pm

You could always just ensure that all the Virtual Directories use the external name internally. Then you only have to worry about the external domain names and autodiscover.

June 13th, 2013 9:12pm
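
The approach suggested in the reply above (use the external name on the virtual directories internally, so the certificate only needs public names), as an added Exchange Management Shell example that is not part of the original thread. It uses the thread's names (ec1, mail.abc.net, def.net); the autodiscover host names, split DNS for abc.net and the request file path are assumptions.

```powershell
# Added example, not from the thread. Run in the Exchange Management Shell.
# Assumption: internal DNS (split DNS) resolves mail.abc.net to the Exchange server,
# so internal clients reach ec1 through the public name.
$server   = 'ec1'
$hostName = 'mail.abc.net'
$base     = "https://$hostName"

# Point each client-facing virtual directory's internal URL at the public name.
Get-OwaVirtualDirectory         -Server $server | Set-OwaVirtualDirectory         -InternalUrl "$base/owa"
Get-EcpVirtualDirectory         -Server $server | Set-EcpVirtualDirectory         -InternalUrl "$base/ecp"
Get-WebServicesVirtualDirectory -Server $server | Set-WebServicesVirtualDirectory -InternalUrl "$base/EWS/Exchange.asmx"
Get-ActiveSyncVirtualDirectory  -Server $server | Set-ActiveSyncVirtualDirectory  -InternalUrl "$base/Microsoft-Server-ActiveSync"
Get-OabVirtualDirectory         -Server $server | Set-OabVirtualDirectory         -InternalUrl "$base/OAB"

# Outlook Anywhere and the Autodiscover service connection point (SCP) that
# domain-joined Outlook clients look up in Active Directory.
Get-OutlookAnywhere -Server $server |
    Set-OutlookAnywhere -InternalHostname $hostName -InternalClientsRequireSsl $true
Set-ClientAccessServer -Identity $server -AutoDiscoverServiceInternalUri "$base/Autodiscover/Autodiscover.xml"

# Check: report any internal URL that still carries the internal suffix. A leftover
# here means clients will hit a name the public certificate does not cover.
$internalSuffix = '.xyz.lan'
$leftovers = @(
    Get-OwaVirtualDirectory         -Server $server
    Get-EcpVirtualDirectory         -Server $server
    Get-WebServicesVirtualDirectory -Server $server
    Get-ActiveSyncVirtualDirectory  -Server $server
    Get-OabVirtualDirectory         -Server $server
) | Where-Object { "$($_.InternalUrl)" -like "*$internalSuffix*" }
$leftovers | Select-Object Name, InternalUrl
$scp = (Get-ClientAccessServer -Identity $server).AutoDiscoverServiceInternalUri
if ("$scp" -like "*$internalSuffix*") { Write-Warning "SCP still uses an internal name: $scp" }

# Certificate request listing only public names; no xyz.lan entry is needed once
# the URLs above are aligned. The autodiscover names are assumed, one per mail domain.
$csr = New-ExchangeCertificate -GenerateRequest -SubjectName "CN=$hostName" `
    -DomainName $hostName, 'autodiscover.abc.net', 'autodiscover.def.net'
Set-Content -Path 'C:\Temp\mail_abc_net.req' -Value $csr   # placeholder path
```
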

Hi,

The following article must be a good reference.

http://blogs.technet.com/b/exchange/archive/2007/07/02/3403301.aspx

Thanks,

June 14th, 2013 1:04pm

Thanks very much! I think these replies answer my question.

June 16th, 2013 6:14pm

I have the same situation. Most companies that let you use .local in an SSL no longer sell them, so how do you separate external using the new SSL and the internal using the one that's local and works?
July 6th, 2013 1:20pm

This topic is archived. No further replies will be accepted.
