SSL Certificate Question RRS feed

  • Question

  • I have setup a new Exchange 2010 server and I am migrating from Exchange 2003. I have an internal domain name of 123.org and an external domain name of abc.org. I have created a certificate request and was attmpting to purchase the cert from Digicert. The rep at Digicert told me that I could not buy the SSL cert because my internal domain name of 123.org is a registered external domain name of another comapny.

    My problem is that I am not sure how to remedy this problem. The rep I was speaking with got in touch with his Exchange cert expert and they directed me to this article http://support.microsoft.com/kb/940726 and told me to change the internal settings to use the domain name of our external domain name which is abc.org.

    Will this work to fix my problem? And will this cause any problems on the internal domain name?

    Lastly, would it be best to purchase a wildcard certificate or a SAN certificate. It seems like it would be simpler to manage it it was a wildcard cert. Once the migration is complete I will only have one outward facing Exchange server, so hopefully there would be no security problems with using the wildcard cert.



    Wednesday, February 8, 2012 7:39 AM


  • Hi,

    You can setup a new dns zone (internally) that got the same name as the external one

    then add the records for mail, autodiscover etc pointing to the new server, while legacy pointing to the old one

    and configure the URL's to match this new dns names

    I think that will solve your problem

    I always recommend to use SAN/UC certificate when it's for Exchange

    Jonas Andersson | Microsoft Community Contributor Award 2011 | MCITP: EMA 2007/2010 | Blog: http://www.testlabs.se/blog | Follow me on twitter: jonand82

    Thursday, February 9, 2012 2:32 PM