I have a windows 2008R2 domain and an exchange 2010 SP1 server running with an invalid internal domain name - mycompany.invalid (i.e. one that SSL cert issuers won't put on a certificate). Is it still possible to configure my environment so that internal users will not get a certificate error when connecting through the LAN, and remote users will be able to connect through OWA via ssl over the web (using valid external domain name mycompany.com) ? thanks

The best alternative for you IMO is to deploy a ISA or TMG server and put an external certificate on that, while using an internal certificate on your Exchange server. Another alternative is for you to employ a split-brain DNS so that when users use the external name internally they are directed to the internal IP address. That way, you can always use just the external DNS name for the server.Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

create appropriate dns record and suggest users to use the name that can be included in the SAN certificate you should also include the netbios name for server in the SAN certificate Dhruv

Hi steve, Any update for your issue? Above gave some good suggestion. If you have any questions, please tell us. Regards! Gavin TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.com Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.