Wasn't it in early MS guidance for 2000 or perhaps it was 2003, that you use .local? The concept of split DNS was relatively new, if I remember correctly.
From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 13, 2008 11:26 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 2007 and SSL certs for internal and external use Interestingly, I just installed SBS 2003 R2 for a new customer yesterday, and the SBS installation wizard actually suggested .local! I was surprised. Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com From: Don Ely [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 13, 2008 11:47 AM To: MS-Exchange Admin Issues Subject: Re: Exchange 2007 and SSL certs for internal and external use Why ".local"? On Tue, May 13, 2008 at 8:43 AM, Oliver Marshall <[EMAIL PROTECTED]> wrote: We looked at a wildcard cert but that wont work as our internal domain is a .local and externally we are a .com. The users connection settings are pre-filled by Outlook 2007. Is this editable in AD so that we are able to change the server FQDN they connect to? From: Sam Cayze [mailto:[EMAIL PROTECTED] Sent: 13 May 2008 16:19 To: MS-Exchange Admin Issues Subject: RE: Exchange 2007 and SSL certs for internal and external use Another way might be a 'wildcard certificate'. One that handles *.domain.com <http://domain.com/> , www.domain.com <http://www.domain.com/> , domain.com <http://domain.com/> , mail.domain.com <http://mail.domain.com/> , etc. A little more spendy though... ________________________________ From: Don Ely [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 13, 2008 10:07 AM To: MS-Exchange Admin Issues Subject: Re: Exchange 2007 and SSL certs for internal and external use Split DNS On Tue, May 13, 2008 at 7:41 AM, Oliver Marshall <[EMAIL PROTECTED]> wrote: Hi chaps, I have an Exchange 2007 server here on which we have setup an SSL certificate (in the name of mail.mydomain.com <http://mail.mydomain.com/> ). This works great for users outside using Outlook 2007s Outlook Anywhere feature. However, internal users get a warning stating that the SSL cert name doesn't match the server. It's not the biggest issue, but it's...untidy. What's the best way to handle this? Obviously I can only attach one SSL cert to the Default site in IIS on the Exchange box and the internal domain (mydomain.local) is sufficiently different from the external one (mydomain.com <http://mydomain.com/> ) that we can't get an SSL cert to cover both. Is there a way to create a new IIS site that still points at the same exchange folder structure as the current Default Site but that is set to accept a different hostname? That way I could have one site for the internal users hitting blue-server.mydomain.local and one for the external users hitting mail.mydomain.com <http://mail.mydomain.com/> and attach a correct cert to both. Can this be done ? Olly ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~
