No announcement yet.

New SSL Certificate - Reconfiguring Exchange to use FQDN

  • Filter
  • Time
  • Show
Clear All
new posts

  • New SSL Certificate - Reconfiguring Exchange to use FQDN


    We are using Exchange 2010 SP3.

    Our SSL certificate in Exchange is approaching expiration. I used the "New Exchange Certificate..." wizard to create a new certificate request. In this process there are certain internal host names added as Subject Alternative Names, including the internal client access server name.

    While submitting the CSR to godaddy that is when I learned it is no longer possible to include internal domain names on a public SSL certificate.

    I have found various websites which provide tools and instructions to reconfigure Exchange Server to use your external fully qualified domain name.

    This process includes the following:

    1. Changing the Autodiscover URL

    2. Changing the InternalURL attribute of the EWS

    3. Changing the InternalURL attirbute for web-based offline address book distribution

    My question is in regards to internal Microsoft Outlook Client mapi users. When I look at the account settings in Outlook the server is the internal host name of the client access server.

    Since the internal host name of the client access server will not be in the SSL certificate will Outlook break?

    Do I need to manually change this for all internal mapi clients? Or will autodiscover take care of it? The self signed certificate for the internal name of the client access server is still valid, is that all the internal clients need?

    Thanks anyone.
    This article explains the limitations of using intranet names and reserved IP addresses as the Primary Name or Subject Alternative Name (SAN) in SSL certificates.

  • #2
    The server name will not be a problem as the client doesn't make a connection to it using SSL.
    It is only the Outlook Anywhere and web services URLs that need to be changed.

    Simon Butler
    Exchange MVP

    More Exchange Content:
    Exchange Resources List:
    In the UK? Hire me:

    Sembee is a registered trademark, used here with permission.