And is recommended by Microsoft:
<http://technet2.microsoft.com/windowsserver/en/library/4bb9f469-df87-4830-9 6a8-b28ec71bafa91033.mspx?mfr=true> Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com From: Kevin Miller [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 13, 2008 4:03 PM To: MS-Exchange Admin Issues Subject: RE: Exchange 2007 and SSL certs for internal and external use Not .local.. A registered name is best in my world. ~Kevinm WLKMMAS powered by 3Sharp <http://www.3sharp.com/> , Always WLKMMAS <http://www.wlkmmas.org/> What is your Zombie Plan? From: JB [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 13, 2008 12:33 PM To: MS-Exchange Admin Issues Subject: Re: Exchange 2007 and SSL certs for internal and external use What is the recommended naming convention then? _____________ John Bowles ----- Original Message ---- From: Kevin Miller <[EMAIL PROTECTED]> To: MS-Exchange Admin Issues <[EMAIL PROTECTED]> Sent: Tuesday, May 13, 2008 3:18:14 PM Subject: RE: Exchange 2007 and SSL certs for internal and external use Somewhere, but we retracted that after a short period of time. ~Kevinm WLKMMAS powered by 3Sharp <http://www.3sharp.com/> , Always WLKMMAS <http://www.wlkmmas.org/> What is your Zombie Plan? From: Barsodi.John [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 13, 2008 11:35 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 2007 and SSL certs for internal and external use Wasn't it in early MS guidance for 2000 or perhaps it was 2003, that you use .local? The concept of split DNS was relatively new, if I remember correctly. From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 13, 2008 11:26 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 2007 and SSL certs for internal and external use Interestingly, I just installed SBS 2003 R2 for a new customer yesterday, and the SBS installation wizard actually suggested .local! I was surprised.. Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com <http://theessentialexchange.com/> From: Don Ely [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 13, 2008 11:47 AM To: MS-Exchange Admin Issues Subject: Re: Exchange 2007 and SSL certs for internal and external use Why ".local"? On Tue, May 13, 2008 at 8:43 AM, Oliver Marshall <[EMAIL PROTECTED]> wrote: We looked at a wildcard cert but that wont work as our internal domain is a .local and externally we are a .com. The users connection settings are pre-filled by Outlook 2007. Is this editable in AD so that we are able to change the server FQDN they connect to? From: Sam Cayze [mailto:[EMAIL PROTECTED] Sent: 13 May 2008 16:19 To: MS-Exchange Admin Issues Subject: RE: Exchange 2007 and SSL certs for internal and external use Another way might be a 'wildcard certificate'. One that handles *.domain.com <http://domain.com/> , www.domain.com <http://www.domain.com/> , domain.com <http://domain.com/> , mail..domain.com <http://mail.domain.com/> , etc. A little more spendy though... _____ From: Don Ely [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 13, 2008 10:07 AM To: MS-Exchange Admin Issues Subject: Re: Exchange 2007 and SSL certs for internal and external use Split DNS On Tue, May 13, 2008 at 7:41 AM, Oliver Marshall <[EMAIL PROTECTED]> wrote: Hi chaps, I have an Exchange 2007 server here on which we have setup an SSL certificate (in the name of mail.mydomain.com <http://mail.mydomain.com/> ). This works great for users outside using Outlook 2007s Outlook Anywhere feature. However, internal users get a warning stating that the SSL cert name doesn't match the server. It's not the biggest issue, but it's...untidy. What's the best way to handle this? Obviously I can only attach one SSL cert to the Default site in IIS on the Exchange box and the internal domain (mydomain.local) is sufficiently different from the external one (mydomain.com <http://mydomain.com/> ) that we can't get an SSL cert to cover both. Is there a way to create a new IIS site that still points at the same exchange folder structure as the current Default Site but that is set to accept a different hostname? That way I could have one site for the internal users hitting blue-server.mydomain.local and one for the external users hitting mail.mydomain.com <http://mail.mydomain.com/> and attach a correct cert to both. Can this be done ? Olly ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~
