SSL Certs, internal names, and local domains

So....a couple months from now, SSLs will no longer be issued for local host names.  I need some guidance on this....for some reason the whole SSL concept, while simple...makes my head hurt...not sure why...

Anyways, we host an Exchange server on our internal AD domain (company.local) that is server.company.local. Now, from my limited understanding, our SSL cert with a Subject of PublicFQDN will work fine but the SAN listing of servername.company.local is not going to work anymore. If I have the SAN changed to servername.PublicFQDN will this still work? What will I have to do to get it to work properly? The company is also looking into adding a Lync server so...more SSL goodness to configure.
August 28th, 2015 1:29am

Basically, what you need to do is have the following items configured to use external names, e.g. xxx.company.com. Some or all of them are currently configured as xxx.company.local.

  • AutoDiscover SCP and DNS record
  • OAB virtual directory
  • EWS virtual directory
  • Outlook Anywhere internal and external hostname

I have explained some concepts here

http://exchange929.blogspot.com/2015/08/outlook-security-alert-aka-cetificate.html

August 28th, 2015 2:05am

I assume the configuration changes you're talking about have to be done to the Exchange server? So right now, my cert has a Subject of mail.company.org (FQDN of registered public domain) and a SAN of exchange.company.local. I'd have to go into Exchange and modify it to tell it to use mail.company.org instead of exchange.company.local? Any chance you've got a guide for idiots on doing this? My Exchange-Fu is very weak.
August 28th, 2015 2:52am

Yes, the change is to be made to the Exchange server. Here I list the commands you need to run:

  • Set-ClientAccessServer -AutoDiscoverServiceInternalUri
  • Set-OabVirtualDirectory -InternalUrl -ExternalUrl
  • Set-WebServicesVirtualDirectory -InternalUrl -ExternalUrl
  • Set-OutlookAnywhere -InternalHostname -ExternalHostname

Take note that these are just skeletons. You need to do some study from here.


  • Edited by Li Zhen 23 hours 44 minutes ago
August 28th, 2015 3:47am
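
The four skeleton commands above, filled in as an added example that is not part of the original reply. It assumes Exchange 2013 (where `Set-OutlookAnywhere` accepts `-InternalHostname`), a placeholder server name `EXCHANGE`, and the public name `mail.company.org` from the thread; the helper `Get-ClientFacingName` is hypothetical.

```powershell
# Added example, not from the thread. Run in the Exchange Management Shell.
# Assumptions: Exchange 2013; 'EXCHANGE' is a placeholder server name;
# mail.company.org is the public name already on the certificate.
$Server     = 'EXCHANGE'
$PublicName = 'mail.company.org'

function Get-ClientFacingName {
    # Hypothetical helper: collects the names the four items listed in the
    # thread hand out to Outlook clients.
    param([string]$Server)
    $cas = Get-ClientAccessServer -Identity $Server
    $oab = Get-OabVirtualDirectory -Server $Server
    $ews = Get-WebServicesVirtualDirectory -Server $Server
    $oa  = Get-OutlookAnywhere -Server $Server
    @(
        [pscustomobject]@{ Setting = 'AutoDiscover SCP';    Value = "$($cas.AutoDiscoverServiceInternalUri)" }
        [pscustomobject]@{ Setting = 'OAB InternalUrl';     Value = "$($oab.InternalUrl)" }
        [pscustomobject]@{ Setting = 'OAB ExternalUrl';     Value = "$($oab.ExternalUrl)" }
        [pscustomobject]@{ Setting = 'EWS InternalUrl';     Value = "$($ews.InternalUrl)" }
        [pscustomobject]@{ Setting = 'EWS ExternalUrl';     Value = "$($ews.ExternalUrl)" }
        [pscustomobject]@{ Setting = 'OA InternalHostname'; Value = "$($oa.InternalHostname)" }
        [pscustomobject]@{ Setting = 'OA ExternalHostname'; Value = "$($oa.ExternalHostname)" }
    )
}

# 1. Audit: which settings still publish a .local name?
'Settings that still use a .local name:'
Get-ClientFacingName $Server | Where-Object { $_.Value -like '*.local*' }

# 2. Point every item at the public name that is on the certificate.
Set-ClientAccessServer -Identity $Server `
    -AutoDiscoverServiceInternalUri "https://$PublicName/Autodiscover/Autodiscover.xml"

Get-OabVirtualDirectory -Server $Server |
    Set-OabVirtualDirectory -InternalUrl "https://$PublicName/OAB" -ExternalUrl "https://$PublicName/OAB"

Get-WebServicesVirtualDirectory -Server $Server |
    Set-WebServicesVirtualDirectory -InternalUrl "https://$PublicName/EWS/Exchange.asmx" `
                                    -ExternalUrl "https://$PublicName/EWS/Exchange.asmx"

# Keep the existing external authentication method; only the host names change.
$oa = Get-OutlookAnywhere -Server $Server
$oa | Set-OutlookAnywhere -InternalHostname $PublicName -InternalClientsRequireSsl $true `
        -ExternalHostname $PublicName -ExternalClientsRequireSsl $true `
        -ExternalClientAuthenticationMethod $oa.ExternalClientAuthenticationMethod

# 3. Verify: this list should now be empty.
'Remaining .local names after the change:'
Get-ClientFacingName $Server | Where-Object { $_.Value -like '*.local*' }
```

Internal clients will only connect cleanly once internal DNS resolves `mail.company.org` to the Exchange server, which is the DNS record part of the first item in the list.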

