Yes, it was in the early guidance. The VERY earliest guidance was ".int" - and then that was an "oops" moment, because that's actually a legal TLD. Then about Win2K release, the guidance was ".local", but basically "anything that wasn't a TLD"; then IANA went and authorized 16 (or so, I don't remember) new TLDs.
Then the guidance became - register the domain. Been that way since before 2003 was released. Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com From: Barsodi.John [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 13, 2008 2:35 PM To: MS-Exchange Admin Issues Subject: RE: Exchange 2007 and SSL certs for internal and external use Wasn't it in early MS guidance for 2000 or perhaps it was 2003, that you use .local? The concept of split DNS was relatively new, if I remember correctly. From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 13, 2008 11:26 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 2007 and SSL certs for internal and external use Interestingly, I just installed SBS 2003 R2 for a new customer yesterday, and the SBS installation wizard actually suggested .local! I was surprised. Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com From: Don Ely [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 13, 2008 11:47 AM To: MS-Exchange Admin Issues Subject: Re: Exchange 2007 and SSL certs for internal and external use Why ".local"? On Tue, May 13, 2008 at 8:43 AM, Oliver Marshall <[EMAIL PROTECTED]> wrote: We looked at a wildcard cert but that wont work as our internal domain is a .local and externally we are a .com. The users connection settings are pre-filled by Outlook 2007. Is this editable in AD so that we are able to change the server FQDN they connect to? From: Sam Cayze [mailto:[EMAIL PROTECTED] Sent: 13 May 2008 16:19 To: MS-Exchange Admin Issues Subject: RE: Exchange 2007 and SSL certs for internal and external use Another way might be a 'wildcard certificate'. One that handles *.domain.com <http://domain.com/> , www.domain.com <http://www.domain.com/> , domain.com <http://domain.com/> , mail.domain.com <http://mail.domain.com/> , etc. A little more spendy though... _____ From: Don Ely [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 13, 2008 10:07 AM To: MS-Exchange Admin Issues Subject: Re: Exchange 2007 and SSL certs for internal and external use Split DNS On Tue, May 13, 2008 at 7:41 AM, Oliver Marshall <[EMAIL PROTECTED]> wrote: Hi chaps, I have an Exchange 2007 server here on which we have setup an SSL certificate (in the name of mail.mydomain.com <http://mail.mydomain.com/> ). This works great for users outside using Outlook 2007s Outlook Anywhere feature. However, internal users get a warning stating that the SSL cert name doesn't match the server. It's not the biggest issue, but it's...untidy. What's the best way to handle this? Obviously I can only attach one SSL cert to the Default site in IIS on the Exchange box and the internal domain (mydomain.local) is sufficiently different from the external one (mydomain.com <http://mydomain.com/> ) that we can't get an SSL cert to cover both. Is there a way to create a new IIS site that still points at the same exchange folder structure as the current Default Site but that is set to accept a different hostname? That way I could have one site for the internal users hitting blue-server.mydomain.local and one for the external users hitting mail.mydomain.com <http://mail.mydomain.com/> and attach a correct cert to both. Can this be done ? Olly ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~
