So....a couple months from now, SSLs will no longer be issued for local host names. I need some guidance on this....for some reason the whole SSL concept, while simple...makes my head hurt...not sure why...
Anyways, we host an exchange server on our internal AD domain (company.local) that is server.company.local. Now, from my limited understanding, our SSL cert with a Subject of PublicFQDN will work fine but the SAN listing of servername.company.local is not going to work anymore. If I have the SAN changed to servername.PublicFQDN will this still work? What will I have to do to get it to work properly? The company is also looking into adding a Lync server so...more SSL goodness to configure.Basically what you need to do is to have the following items to be configured to use external names, e.g. xxx.company.com. Some or all of them are currently configured as xxx.company.local.
- AutoDiscover SCP and DNS record
- OAB virtual directory
- EWS virtual directory
- Outlook Anywhere internal and external hostname
I have explained some concepts here
http://exchange929.blogspot.com/2015/08/outlook-security-alert-aka-cetificate.html
Yes, the change is to be made to Exchange server. Here I list the commands you need to run,
- Set-ClientAccessServer -AutoDiscoverServiceInternalUri
- Set-OabVirtualDirectory -InternalUrl -ExternalUrl
- Set-WebServicesVirtualDirectory -InternalUrl -ExternalUrl
- Set-OutlookAnywhere -InternalHostname -ExternalHostname
Take note these are just skeleton. You need to do some study from here.
- Edited by Li Zhen 23 hours 44 minutes ago
Yes, the change is to be made to Exchange server. Here I list the commands you need to run,
- Set-ClientAccessServer -AutoDiscoverServiceInternalUri
- Set-OabVirtualDirectory -InternalUrl -ExternalUrl
- Set-WebServicesVirtualDirectory -InternalUrl -ExternalUrl
- Set-OutlookAnywhere -InternalHostname -ExternalHostname
Take note these are just skeleton. You need to do some study from here.
- Edited by Li Zhen Friday, August 28, 2015 7:47 AM