Exchange 2007 w/ Outlook: cert doesn't match the name of the site
Hey all, I've read a lot about this but can't figure out what to change or the proper command. We're migrating from Exchange 2003 to 2007. I've gotten the server running with a few mailboxes moved over. The 2007 server is running OWA, ActiveSync, pretty much everything. Everything is working great. I've added a certificate for the web services. Now, when running Outlook on the local network, I get a security alert that the certificate does not match the name of the site. I know it's because I added the certificate for external access. The certificate is named owa.myexternaldomain.com. How do I set the internal domain back to the name of the server, i.e. servername.local.mydomain.com, so that I don't get this alert? I've found a lot of info on this but am not exactly sure what I should change and what the exact command is. Any help would be greatly appreciated. Thanks
July 15th, 2008 7:15pm

Hi,
If you are using Windows PKI for certificate services, you should use a SAN certificate, and the command to request a SAN certificate will look like:

New-ExchangeCertificate -generaterequest -subjectname "dc=com,dc=mydomain,o=MyOrganization,cn=owa.myexternaldomain.com" -domainname owa.myexternaldomain.com, CASServerNetBiosName, CASServerFQDN, autodiscover.mydomain.com -PrivateKeyExportable $true -path c:\certrequest.txt

Thanks, Vineet
"Please mark this post helpful, if it really did"
July 16th, 2008 10:11am

You need to get a certificate with a Subject Name Alternative on it. The main name of the cert will be the Exchange server name and the Subject Name Alternative will be owa.myexternaldomain.com. I have had to do this twice. Most cert companies do this now, but in the beginning (last year) they didn't. Good luck.
July 16th, 2008 4:18pm

So if I've already gotten a certificate for owa.myexternaldomain.com, I need to get another one to replace it, so that I can include a SAN? I got my cert from GoDaddy. Thanks
July 16th, 2008 5:03pm

You need to get the Advanced cert from GoDaddy with the SAN on it. You can have them expire that cert and replace it with the new one. The main name will be the server name and the SAN will be the external website. Give them a call and they will walk you through it.
July 16th, 2008 5:05pm

Thank you, Todd.
July 16th, 2008 5:12pm

Todd, on the cert main name, do I put the full name of the server, i.e. exchange-server.local.mycompany.com, or just the name of the server, i.e. EXCHANGE-SERVER? Depending on which one I put in the Common Name field, should I add the other one in the SAN as well? Thanks
July 16th, 2008 6:23pm

NetBIOS name as well as FQDN, and also add autodiscover.domain.com.
Reference: Creating a Certificate or Certificate Request for TLS
This would help you generate the command: https://www.digicert.com/easy-csr/exchange2007.htm
July 16th, 2008 6:44pm

I put the FQDN as the main name and the Subject Alternative Name as the external web address.
July 16th, 2008 6:46pm

Hi Jason,
A SAN certificate is the best solution for the current issue, I think. But you can also choose creating a new website within IIS as an optional method. Here is a great article for your reference; it describes both methods in detail:
More on Exchange 2007 and certificates - with real world scenario
http://msexchangeteam.com/archive/2007/07/02/445698.aspx
Regards, Elvis
July 17th, 2008 5:06am
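
A way to check, before requesting or installing a certificate, that its name list covers every host name clients will connect to (an added example, not posted by anyone in this thread; the function names and sample host names are assumptions built from the placeholders used above). It goes slightly beyond the thread by also handling a wildcard entry.

```powershell
# Added example. Host names are constructed from the placeholders in this thread.

function Test-NameMatch {
    # True when $HostName matches one name entry from a certificate.
    # A wildcard counts only as the whole left-most label (*.example.com).
    param([string]$HostName, [string]$CertName)

    $h = $HostName.Trim().TrimEnd('.')
    $c = $CertName.Trim().TrimEnd('.')
    if ($h -eq $c) { return $true }   # -eq compares strings case-insensitively
    if (-not $c.StartsWith('*.')) { return $false }

    $hLabels = $h.Split('.')
    $cLabels = $c.Split('.')
    # The wildcard stands for exactly one label, so the label counts must agree.
    if (($hLabels.Length -ne $cLabels.Length) -or ($hLabels.Length -lt 3)) { return $false }
    $hRest = $hLabels[1..($hLabels.Length - 1)] -join '.'
    $cRest = $cLabels[1..($cLabels.Length - 1)] -join '.'
    return ($hRest -eq $cRest)
}

function Get-UncoveredName {
    # Emits every client-facing name that no certificate entry matches.
    param([string[]]$ClientNames, [string[]]$CertificateDomains)

    foreach ($name in $ClientNames) {
        $covered = $false
        foreach ($entry in $CertificateDomains) {
            if (Test-NameMatch -HostName $name -CertName $entry) { $covered = $true; break }
        }
        if (-not $covered) { $name }
    }
}

# Names that Outlook, OWA and Autodiscover clients use (constructed).
$clientNames = 'owa.myexternaldomain.com', 'servername.local.mydomain.com',
               'SERVERNAME', 'autodiscover.mydomain.com'

# Certificate as first installed in the question: external name only.
$singleNameCert = @('owa.myexternaldomain.com')
# SAN certificate along the lines recommended in the replies.
$sanCert = 'owa.myexternaldomain.com', 'servername.local.mydomain.com',
           'servername', 'autodiscover.mydomain.com'

'Single-name cert misses: ' +
    ((Get-UncoveredName -ClientNames $clientNames -CertificateDomains $singleNameCert) -join ', ')
'SAN cert misses: ' +
    ((Get-UncoveredName -ClientNames $clientNames -CertificateDomains $sanCert) -join ', ')
```

On the Exchange server itself, the names of an installed certificate are listed in the CertificateDomains property returned by Get-ExchangeCertificate and can be passed in as strings.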

This topic is archived. No further replies will be accepted.