Re: Ex2007 - SSL

---

• From: "AM" <imaneophyte@xxxxxxxxx>
• Date: Mon, 15 Jan 2007 19:48:35 -0500

---

Check your DNS records. An A record of the FQDN should not be resolving to
the server name. Are you using CNAMEs internally for the external FQDN?

AM

"bob britton" <rbritton@xxxxxxxxxxxx> wrote in message
news:O3h4htOOHHA.4100@xxxxxxxxxxxxxxxxxxxxxxx

Hi Folks:

I have an SSL question.

I purchased an SSL certificate for use in ActiveSync and Outlook Webmail
to secure information transfer.

When I purchased my SSL Cert, I used the FQDN of webmail.mycompany.com.

internally, my ex2007 server name is WCNODE08.mycompany.com.

When I apply the SSL Cert, externally it works fine because it's accessed
via WEBMAIL.mycompany.com.

However, internally, my Outlook 2007 clients start popping up a warning
that the SSL cert was issued for a different name. If I go into the
Outlook 2007 config and try to use the internal alias of
WEBMAIL.mycompany.com, it resolves to WCNODE08.mycompany.com (the name of
the server, not the dns alias).

So here's my question:

How does one properly assign an FQDN for SSL? If I purchase another SSL
Cert registered for WCNODE08.mydomain.com, i'm sure the problem would be
resolved. However, i don't want my users to access or remember WCNODE08. I
want them to use WEBMAIL.willcare.com.

Put it differently, i'm not an SSL expert. I kind of understand the logic
of why the SSL Cert needs to be named properly. but in this day and age
when you have a single server aliased with different names
(mail.mycompany.com, citrix.mycompany.com, imap.mycompany.com), i can't
figure out how to solve the problem because IIS seems to only allow a
single SSL cert, and an SSL Cert does not seem to allow it to be
registered with multiple FQDNs.

Please advise on best practice for this.

.

---

• Follow-Ups:
  • Re: Ex2007 - SSL
    • From: bob britton

• References:
  • Ex2007 - SSL
    • From: bob britton

• Prev by Date: Re: smtp;553 sorry, relaying denied from your location
• Next by Date: Re: OWA - shared mailbox folder list visibility
• Previous by thread: Ex2007 - SSL
• Next by thread: Re: Ex2007 - SSL
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Ex2007 - SSL ... All is working fine from the outside (Outlook Anywhere/OWA/Active Sync, etc) but from the internal network, all the Outlook 2007 are showing the popup about the fact the certificate is not correct (as the name does not match the server FQDN). ... When I apply the SSL Cert, externally it works fine because it's accessed via WEBMAIL.mycompany.com. ... (microsoft.public.exchange.admin) Re: Cannot access Public Folders through ESM ... The FQDN of the server does not match the SSL cert. ... (microsoft.public.exchange2000.admin) Re: Using static IP address for OWA ... Absolutely no problem using your IP instead of a FQDN. ... the name on the SSL Cert needs to match the URL that users are ... > "Configure E-mail and Internet Connection Wizard" I'm being prompted ... > to "Create a new Web Server Certificate". ... (microsoft.public.windows.server.sbs) SSL Error when viewing Public Folders ... I installed an SSL cert with the FQDN on the public DNS records, ... view the Public folders in the Exchang System Manager I get the error: ... Is there any way of correcting this problem without changing the FQDN on the ... (microsoft.public.exchange2000.admin) Re: Ex2007 - SSL ... The server name internally really is ... the Outlook 2007 clients pop a security warning that the cert ... When I purchased my SSL Cert, I used the FQDN of webmail.mycompany.com. ... (microsoft.public.exchange.admin)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Exchange  > microsoft.public.exchange.admin  > 2007-01