Re: Ex2007 - SSL



Bob

My suggestion is to remove the internal CNAME for webmail.mycompany.com, as
this is the source of the problem. Create a static A record internally for
webmail.mycompany.com; this should fix your problem.

AM
"bob britton" <rbritton@xxxxxxxxxxxx> wrote in message
news:Oo4d4WXOHHA.3668@xxxxxxxxxxxxxxxxxxxxxxx
To be clear:

(Internal DNS)
My A record is: WCNODE08.mycompany.com. A CNAME is WEBMAIL.mycompany.com.

(External DNS)
Our ISP created an A record for WEBMAIL.mydomain.com.

The server name (NETBIOS & DNS) internally really is
WCNODE08.mycompany.com.

When I ordered the Cert, I ordered it for WEBMAIL.mydomain.com. I've
applied it, and it works outside.

Internally, the Outlook 2007 clients pop a security warning that the cert
is valid, but that it was issued for a different name.

"AM" <imaneophyte@xxxxxxxxx> wrote in message
news:Ol5gRgQOHHA.1252@xxxxxxxxxxxxxxxxxxxxxxx
Check your DNS records. An A record of the FQDN should not be resolving
to the server name. Are you using CNAMEs internally for the external
FQDN?

AM

"bob britton" <rbritton@xxxxxxxxxxxx> wrote in message
news:O3h4htOOHHA.4100@xxxxxxxxxxxxxxxxxxxxxxx
Hi Folks:

I have an SSL question.

I purchased an SSL certificate for use in ActiveSync and Outlook Webmail
to secure information transfer.

When I purchased my SSL Cert, I used the FQDN of webmail.mycompany.com.

Internally, my Ex2007 server name is WCNODE08.mycompany.com.

When I apply the SSL Cert, externally it works fine because it's
accessed via WEBMAIL.mycompany.com.

However, internally, my Outlook 2007 clients start popping up a warning
that the SSL cert was issued for a different name. If I go into the
Outlook 2007 config and try to use the internal alias of
WEBMAIL.mycompany.com, it resolves to WCNODE08.mycompany.com (the name
of the server, not the DNS alias).

So here's my question:

How does one properly assign an FQDN for SSL? If I purchase another SSL
Cert registered for WCNODE08.mydomain.com, I'm sure the problem would be
resolved. However, I don't want my users to access or remember WCNODE08.
I want them to use WEBMAIL.willcare.com.

Put it differently, I'm not an SSL expert. I kind of understand the
logic of why the SSL Cert needs to be named properly, but in this day
and age when you have a single server aliased with different names
(mail.mycompany.com, citrix.mycompany.com, imap.mycompany.com), I can't
figure out how to solve the problem because IIS seems to only allow a
single SSL cert, and an SSL Cert does not seem to allow it to be
registered with multiple FQDNs.

Please advise on best practice for this.
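
Added example, not part of the original thread: a sketch of the name check a TLS client performs, which compares the name it was configured to connect to against the DNS names in the certificate, using the thread's placeholder hostnames. The certificate dictionaries, the second certificate carrying two subjectAltName entries, and all function names are constructed for illustration.

```python
# Added illustration: certificate name matching as a TLS client does it.
# All sample data below is constructed; hostnames are the thread's placeholders.

def name_matches(cert_name: str, host: str) -> bool:
    """Compare one certificate DNS name with the name the client asked for."""
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(cert_labels) != len(host_labels):
        return False
    if cert_labels[0] == "*":
        # A wildcard is honoured only as the whole left-most label and must
        # not cover a bare top-level suffix such as "*.com".
        if len(cert_labels) < 3:
            return False
        return cert_labels[1:] == host_labels[1:]
    return cert_labels == host_labels


def cert_covers(san_dns_names, common_name, host) -> bool:
    """True if the certificate is valid for `host`."""
    # When subjectAltName dNSName entries exist, they are authoritative and
    # the subject common name is ignored.
    names = san_dns_names if san_dns_names else [common_name]
    return any(name_matches(n, host) for n in names)


def audit(cert, client_names):
    """Map every name a client is configured with to pass/fail."""
    return {h: cert_covers(cert["san"], cert["cn"], h) for h in client_names}


# Constructed sample: the single-name certificate described in the thread.
SINGLE_NAME_CERT = {"cn": "webmail.mycompany.com", "san": []}
# Constructed sample: one certificate listing both names as SAN entries.
MULTI_NAME_CERT = {
    "cn": "webmail.mycompany.com",
    "san": ["webmail.mycompany.com", "wcnode08.mycompany.com"],
}
# Names the clients in the thread end up connecting with.
CLIENT_NAMES = ["WEBMAIL.mycompany.com", "WCNODE08.mycompany.com"]

if __name__ == "__main__":
    for label, cert in (("single-name", SINGLE_NAME_CERT),
                        ("multi-name", MULTI_NAME_CERT)):
        for host, ok in audit(cert, CLIENT_NAMES).items():
            print(f"{label:12} {host:26} {'ok' if ok else 'NAME MISMATCH'}")
```

The check uses the name the client was given, not the record type that DNS used to resolve it, so the warning appears whenever a client is pointed at a name the certificate does not list.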