Olly, Check this article also: http://support.microsoft.com/default.aspx/kb/940726 It should help with checking and/or changing the URLs that your clients connect too. Tim
From: Oliver Marshall [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 13, 2008 10:56 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 2007 and SSL certs for internal and external use Is there a way to do it without a new Cert? Just checked on the definition of split-dns and we already do that here to allow for internally hosted services, but that hasn't had any impact on the setup. From: Tim Vander Kooi [mailto:[EMAIL PROTECTED] Sent: 13 May 2008 16:54 To: MS-Exchange Admin Issues Subject: RE: Exchange 2007 and SSL certs for internal and external use A SAN cert will cover both your .com and .local. From: Oliver Marshall [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 13, 2008 10:44 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 2007 and SSL certs for internal and external use We looked at a wildcard cert but that wont work as our internal domain is a .local and externally we are a .com. The users connection settings are pre-filled by Outlook 2007. Is this editable in AD so that we are able to change the server FQDN they connect to? From: Sam Cayze [mailto:[EMAIL PROTECTED] Sent: 13 May 2008 16:19 To: MS-Exchange Admin Issues Subject: RE: Exchange 2007 and SSL certs for internal and external use Another way might be a 'wildcard certificate'. One that handles *.domain.com, www.domain.com<http://www.domain.com>, domain.com, mail.domain.com, etc. A little more spendy though... ________________________________ From: Don Ely [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 13, 2008 10:07 AM To: MS-Exchange Admin Issues Subject: Re: Exchange 2007 and SSL certs for internal and external use Split DNS On Tue, May 13, 2008 at 7:41 AM, Oliver Marshall <[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>> wrote: Hi chaps, I have an Exchange 2007 server here on which we have setup an SSL certificate (in the name of mail.mydomain.com<http://mail.mydomain.com/>). This works great for users outside using Outlook 2007s Outlook Anywhere feature. However, internal users get a warning stating that the SSL cert name doesn't match the server. It's not the biggest issue, but it's...untidy. What's the best way to handle this? Obviously I can only attach one SSL cert to the Default site in IIS on the Exchange box and the internal domain (mydomain.local) is sufficiently different from the external one (mydomain.com<http://mydomain.com/>) that we can't get an SSL cert to cover both. Is there a way to create a new IIS site that still points at the same exchange folder structure as the current Default Site but that is set to accept a different hostname? That way I could have one site for the internal users hitting blue-server.mydomain.local and one for the external users hitting mail.mydomain.com<http://mail.mydomain.com/> and attach a correct cert to both. Can this be done ? Olly ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~
