Certificate question with non-standard active directory domain name

  • Question

  • hi there,

    I have recently discovered the problem whereby you can't get a SAN certificate with a non-standard FQDN after Nov 1st 2015.

    This meant we were unable to get an SSL certificate with the FQDN exchangeserver.mydomain.local as it is a non-standard domain name.

    After some head scratching I have got around this by creating an Active Directory-integrated DNS zone for our public internet domain - i.e. mycorp.com

    I then change the URLs used by Exchange to point to the public FQDN. i.e. mail 

    This seems to work but I think it is a bit messy - would anyone recommend a "better" way of doing this?

    Cheers,

    Al

    Monday, December 17, 2012 5:56 PM

Answers

  • Employ split-brain DNS and use the same public host names both inside and outside your network for all virtual directories.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    • Proposed as answer by wendy_liu Tuesday, December 25, 2012 1:42 AM
    • Marked as answer by wendy_liu Wednesday, December 26, 2012 6:43 AM
    Monday, December 17, 2012 5:59 PM
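
One way to check that split-brain DNS and the virtual directories line up, as an added example that is not part of the original thread. It is run from the Exchange Management Shell and only reads configuration. `mail.example.com` is a placeholder for the public host name, and `Get-ClientAccessServer` assumes an Exchange 2010/2013-era server.

```powershell
# Added example: audit Exchange URLs and certificate names against one public host name.
# $PublicHost is a placeholder assumption; substitute the name on the public certificate.
$PublicHost = 'mail.example.com'

# What the internal side of the split-brain zone answers for the public name.
$internalIPs = [System.Net.Dns]::GetHostAddresses($PublicHost) |
    ForEach-Object { $_.IPAddressToString }
"Internal DNS answer for ${PublicHost}: $($internalIPs -join ', ')"

# Every virtual directory should use the public host for both internal and external URLs.
$getters = 'Get-OwaVirtualDirectory', 'Get-EcpVirtualDirectory',
           'Get-WebServicesVirtualDirectory', 'Get-ActiveSyncVirtualDirectory',
           'Get-OabVirtualDirectory'

$report = foreach ($cmd in $getters) {
    foreach ($vdir in (& $cmd)) {
        foreach ($prop in 'InternalUrl', 'ExternalUrl') {
            $url = $vdir.$prop
            if ($null -eq $url) { continue }          # URL not configured
            $urlHost = ([uri]$url.ToString()).Host
            [pscustomobject]@{
                Server   = $vdir.Server
                VDir     = $vdir.Name
                Property = $prop
                UrlHost  = $urlHost
                Matches  = ($urlHost -ieq $PublicHost)
            }
        }
    }
}
$report | Where-Object { -not $_.Matches } | Format-Table -AutoSize

# The Autodiscover SCP is set per server, not per virtual directory.
Get-ClientAccessServer | Select-Object Name, AutoDiscoverServiceInternalUri

# Names on the IIS certificate that a public CA will not issue:
# single-label names and anything under .local.
Get-ExchangeCertificate | Where-Object { $_.Services -match 'IIS' } | ForEach-Object {
    $cert = $_
    foreach ($name in $cert.CertificateDomains) {
        $n = $name.ToString()
        if ($n -notmatch '\.' -or $n -match '\.local$') {
            "Certificate $($cert.Thumbprint) carries internal-only name: $n"
        }
    }
}
```

Any row printed by the `Format-Table` step is a URL that still points at a name other than the public one, which clients will fail to match against a certificate issued only for public names.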