AD-CS certificate for exchange

  • AD-CS certificate for exchange

    Now that it very soon will no longer be possible to have internal names such as .local in certificates, is it possible to use AD-CS to issue an SSL certificate with the internal FQDN server names?

  • #2
    Yes this is possible but don't use it for Exchange.
    Regards,
    Jeremy

    Network Consultant/Engineer
    Baltimore - Washington area and beyond
    www.gma-cpa.com



    • #3
      Why not for Exchange?



      • #4
        Unless you plan on isolating Exchange from the Internet and not using it to connect devices, you always want to use a trusted 3rd party CA.
        Regards,
        Jeremy

        Network Consultant/Engineer
        Baltimore - Washington area and beyond
        www.gma-cpa.com



        • #5
          Isn't it possible to use AD-CS for the internal FQDNs and a trusted 3rd party CA for the external FQDNs?



          • #6
            No it is not possible to assign two certificates. Read the IIS section of this link for details: https://technet.microsoft.com/en-us/...xchg.150).aspx
            Regards,
            Jeremy

            Network Consultant/Engineer
            Baltimore - Washington area and beyond
            www.gma-cpa.com



            • #7
              Okay, what to do when CAs no longer accept local domain names in certificates?



              • #8
                Split DNS is the normal solution - so external names also resolve internally
                Tom Jones
                MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                PhD, MSc, FIAP, MIITT
                IT Trainer / Consultant
                Ossian Ltd
                Scotland

                ** Remember to give credit where credit is due and leave reputation points where appropriate **



                • #9
                  I have performed a split-DNS in my network and yes, that was the way. Sorry for the long reply.
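
An added example, not part of the thread or any poster's code: a check an admin could run before renewing the Exchange certificate with a public CA, listing which subject alternative names are internal-only and which public names still lack a split-DNS record. The suffix list beyond `.local`, the sample names, the addresses and all function names are assumptions constructed for illustration.

```python
import ipaddress

# ".local" is the suffix named in the thread; the others are assumed
# examples of private suffixes, not an authoritative list.
INTERNAL_SUFFIXES = (".local", ".lan", ".corp", ".internal", ".home")

def classify_san(name):
    """Return 'internal' for a name a public CA cannot validate, else 'public'."""
    host = name.strip().rstrip(".").lower()
    if host.startswith("*."):
        host = host[2:]                      # judge a wildcard by its base domain
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # Reserved ranges (RFC 1918, loopback, link-local) are not globally unique.
        return "public" if ip.is_global else "internal"
    if "." not in host:
        return "internal"                    # single-label server name
    if host.endswith(INTERNAL_SUFFIXES):
        return "internal"
    return "public"

def audit_certificate(san_list):
    """Split a certificate's SAN list into names to keep and names to retire."""
    report = {"public": [], "internal": []}
    for name in san_list:
        report[classify_san(name)].append(name)
    return report

def names_needing_internal_record(public_names, internal_answers, exchange_ip):
    """Public names that do not yet resolve to the Exchange server from inside.

    internal_answers maps a name to the address the internal DNS returns for it.
    """
    return [n for n in public_names if internal_answers.get(n.lower()) != exchange_ip]

# Constructed sample data: SANs from a legacy certificate and internal DNS answers.
SAMPLE_SANS = ["mail.example.com", "autodiscover.example.com",
               "EXCH01", "exch01.corp.local", "10.0.0.25"]
SAMPLE_INTERNAL_DNS = {"mail.example.com": "10.0.0.25",
                       "autodiscover.example.com": "198.51.100.7"}

if __name__ == "__main__":
    report = audit_certificate(SAMPLE_SANS)
    print("retire from certificate:", report["internal"])
    print("add to internal DNS zone:",
          names_needing_internal_record(report["public"], SAMPLE_INTERNAL_DNS, "10.0.0.25"))
```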
