Announcement

Collapse
No announcement yet.

Exchange 2010 - getting the right certificate on the right interface

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Exchange 2010 - getting the right certificate on the right interface

    We have an Exchange 2010 server that is providing the certficate exchange2010.domain.local to both inside and outside users. What I need is to have the exchange2010.domain.local be presented to inside users and mail.domain.com be presented to outside users. I know this is possible, but so far I haven't been able to find a solution. Can someone shed some light?

    Thanks

  • #2
    Re: Exchange 2010 - getting the right certificate on the right interface

    You can't have two certificates on the same IIS virtual server.
    You would have to create a second web server and then all of the virtual directories. However that would put you in to the unsupported territory.

    Any reason why you haven't deployed a UC certificate? That would cover both the internal and external names and is how Exchange is designed to work.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.

    Comment


    • #3
      Re: Exchange 2010 - getting the right certificate on the right interface

      I had a case open with Microsoft a few months ago for a different company for a domain rename with an Exchange 2010 (Microsoft supported this from the start and then dropped it at the tail end, but it mostly works now), and we had the same problem as what I'm needing to resolve now. Either the internal Outlook 2010 users got a certificate warning or the external users got the warning. I had spent a couple days on the line with Microsoft, so I was anxious to get off the line, but I mentioned this problem to him at the very tail end, and he had it resolved in about 30 seconds. No new virtual servers and using a standard certificate. I didn't pay attention unfortunately, but this seems to me that every location using a recent Exchange server with the Outlook 2010 (and possibly 2007) will be having the exact same problem as the internal and external Exchange server names will be different. Unless something is done, one will always be getting a certificate error.

      I'll add what you are saying makes a lot of sense, though.

      How about a different approach. Is it possible to make the new Outlook client not complain about certificates?
      Last edited by baskervi; 28th January 2011, 16:54.

      Comment


      • #4
        Re: Exchange 2010 - getting the right certificate on the right interface

        If I am not wrong MS must have suggested to use SAN certs which supports multiple domain name on same server
        Thanks & Regards
        v-2nas

        MCTS 2008, MCTIP, MCSE 2003, MCSA+Messaging E2K3, MCP, E2K7
        Sr. Wintel Eng. (Investment Bank)
        Independent IT Consultant and Architect
        Blog: http://www.exchadtech.blogspot.com

        Show your appreciation for my help by giving reputation points

        Comment


        • #5
          Re: Exchange 2010 - getting the right certificate on the right interface

          Originally posted by v-2nas View Post
          If I am not wrong MS must have suggested to use SAN certs which supports multiple domain name on same server
          That is the only way, you can't have Exchange issue a different certificate depending on the connection method without using additional IIS sites. I think it unlikely that Microsoft would suggest that as it is unsupported.

          Simon.
          --
          Simon Butler
          Exchange MVP

          Blog: http://blog.sembee.co.uk/
          More Exchange Content: http://exchange.sembee.info/
          Exchange Resources List: http://exbpa.com/
          In the UK? Hire me: http://www.sembee.co.uk/

          Sembee is a registered trademark, used here with permission.

          Comment

          Working...
          X