No announcement yet.

Exchange 2010 SSL Problem

  • Filter
  • Time
  • Show
Clear All
new posts

  • Exchange 2010 SSL Problem

    We have just upgraded from SBS2011 to 2008R2 and Exchange 2010.
    We bought an SSL certificate and all external connections via Exchange sync & Outlook anywhere work fine with no errors.

    Internally all users are getting certificate errors for <server>.local and Autodiscover.domain.local.

    Thinking I can just add the 2 .local's to my SSL certificate but there has been a rule change which doesn't allow non FQDN in certificates.

    What's the best way round this, preferably without having to go to each workstation. Would it be to generate a self signed certificate within Exchange?

    If so when I have the CSR where is the certificate generating wizard.

    Many thanks

  • #2
    Re: Exchange 2010 SSL Problem

    IIRC you'll need to either get the names on the certificate or change the names the clients are trying to access. It is possible to run Exchange 2010 with a single name certificate, there are some powershell commands to run to change the published virtual directory names and you'll need DNS records for the external names pointing to the internal IP address too.
    BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
    Cruachan's Blog


    • #3
      Re: Exchange 2010 SSL Problem

      As mentioned, you will need to have names match the certificate name but ideally use a SAN, so as a minimum, has the name of, for example, and

      This would the virtual directories that are configurable via EMC for each CAS role holder server and for each CAS role holder, EWS and Autodiscover using Exchange PS.

      If you are only going to use the one, you would make Autodiscover as well, so matches but you'll find that Autodiscover for some devices would not necessarily then work depending on how they discover the autodiscover location.
      Last edited by Virtual; 13th November 2014, 08:25.


      • #4
        Re: Exchange 2010 SSL Problem

        Reconfigure Exchange to use the external name.

        Simon Butler
        Exchange MVP

        More Exchange Content:
        Exchange Resources List:
        In the UK? Hire me:

        Sembee is a registered trademark, used here with permission.


        • #5
          Re: Exchange 2010 SSL Problem

          WOW, cool Domain Name Simon. Click image for larger version

Name:	2thumbs.gif
Views:	5
Size:	320 Bytes
ID:	466923
          Joined: 23rd December 2003
          Departed: 23rd December 2015