Re: Ex2007 - SSL



To be clear:

(Internal DNS)
My A record is: WCNODE08.mycompany.com. A CNAME is WEBMAIL.mycompany.com.

(External DNS)
Our ISP created an A record for WEBMAIL.mydomain.com.

The server name (NETBIOS & DNS) internally really is WCNODE08.mycompany.com

When I ordered the Cert, I ordered it for WEBMAIL.mydomain.com. I've applied
it, and it works outside.

Internally, the Outlook 2007 clients pop a security warning that the cert is
valid, but that it was issued for a different name.

"AM" <imaneophyte@xxxxxxxxx> wrote in message
news:Ol5gRgQOHHA.1252@xxxxxxxxxxxxxxxxxxxxxxx
Check your DNS records. An A record of the FQDN should not be resolving to
the server name. Are you using CNAMEs internally for the external FQDN?

AM

"bob britton" <rbritton@xxxxxxxxxxxx> wrote in message
news:O3h4htOOHHA.4100@xxxxxxxxxxxxxxxxxxxxxxx
Hi Folks:

I have an SSL question.

I purchased an SSL certificate for use in ActiveSync and Outlook Webmail
to secure information transfer.

When I purchased my SSL Cert, I used the FQDN of webmail.mycompany.com.

Internally, my Ex2007 server name is WCNODE08.mycompany.com.

When I apply the SSL Cert, externally it works fine because it's accessed
via WEBMAIL.mycompany.com.

However, internally, my Outlook 2007 clients start popping up a warning
that the SSL cert was issued for a different name. If I go into the
Outlook 2007 config and try to use the internal alias of
WEBMAIL.mycompany.com, it resolves to WCNODE08.mycompany.com (the name of
the server, not the dns alias).

So here's my question:

How does one properly assign an FQDN for SSL? If I purchase another SSL
Cert registered for WCNODE08.mydomain.com, I'm sure the problem would be
resolved. However, I don't want my users to access or remember WCNODE08.
I want them to use WEBMAIL.willcare.com.

Put it differently, I'm not an SSL expert. I kind of understand the logic
of why the SSL Cert needs to be named properly. But in this day and age
when you have a single server aliased with different names
(mail.mycompany.com, citrix.mycompany.com, imap.mycompany.com), I can't
figure out how to solve the problem because IIS seems to only allow a
single SSL cert, and an SSL Cert does not seem to allow it to be
registered with multiple FQDNs.

Please advise on best practice for this.
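
The name comparison behind the warning described in this thread, as an added example that is not part of the original posts: a TLS client compares the host name it was asked to connect to against the DNS names in the certificate. The host names are taken from the posts; the multi-name certificate contents and the function names are constructed for illustration.

```python
"""Added example: TLS host-name check using the host names from this thread."""


def name_matches(cert_name: str, requested: str) -> bool:
    """Compare one certificate DNS name with the name the client asked for.

    Case-insensitive; a wildcard is honoured only as the whole left-most
    label and covers exactly one label (the RFC 6125 rules).
    """
    c = cert_name.rstrip(".").lower().split(".")
    r = requested.rstrip(".").lower().split(".")
    if len(c) != len(r):
        return False
    if c[0] == "*":
        # Require at least two fixed labels so "*.com" never matches.
        return len(c) >= 3 and c[1:] == r[1:]
    return c == r


def uncovered(cert_names, client_names):
    """Return the client names that no name in the certificate covers."""
    return [h for h in client_names
            if not any(name_matches(n, h) for n in cert_names)]


# Names clients may connect with, taken from the posts above.
CLIENT_NAMES = [
    "WEBMAIL.mydomain.com",    # external A record
    "WEBMAIL.mycompany.com",   # internal CNAME
    "WCNODE08.mycompany.com",  # internal A record / server name
]

# Certificate as ordered in the thread: a single name.
SINGLE_NAME_CERT = ["webmail.mydomain.com"]

# Constructed: one certificate listing several subjectAltName DNS entries.
MULTI_NAME_CERT = [
    "webmail.mydomain.com",
    "webmail.mycompany.com",
    "wcnode08.mycompany.com",
]

if __name__ == "__main__":
    for label, names in (("single-name cert", SINGLE_NAME_CERT),
                         ("multi-name cert", MULTI_NAME_CERT)):
        print(label, "-> uncovered:", uncovered(names, CLIENT_NAMES))
```

The client checks the name it was configured with, so a DNS CNAME that points at a covered name does not make the alias itself covered.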