I'm in a pickle with the infamous "The Security certificate has Expired or is not yet valid" message and I know it is due to our (multi domain name certificate; or I think that is called a SAN cert? right?) certificate having expired for our local server dns name:
servername.domainname.local
I see that GoDaddy has renewed our certificate automatically and it would normally seem like a cinch to go import it and hope the "The Security certificate has Expired or is not yet valid" message goes away for ALL internet Outlook clients, but the servername.domainname.local dns isn't on the auto-renewed certificate and instead our external dns name is on it: mail.domainname.md
From what I have been reading I now need to change servername.domainname.local to mail.domainname.md and this made me unfortunately realize I'd have to go and change all Outlook clients manually to point to the new external DNS... which also makes me think that this means that all INTERNAL Outlook clients that exist on the same network as the Exchange servers would then be going to the INTERNET to get their mail and come back in whereas I don't want that. I just want them going straight to the Exchange servers locally.
Does this new "no local domain cert registering" rule mean that mail flow is altered from internal to internal to internal to external to internal for traffic flow between the Outlook clients (2007) ?
If YES, does this mean that I have to go manually touch each Outlook 2007 client and change the server name to alleviate the "The Security certificate has Expired or is not yet valid" message?
Could I simply rerun certain certificate self-signing Powershell scripts I have found and generate a new local cert that will work to get rid of the popup message for the users to temporarily avoid registering a cert with an external DNS name?
If I'm right about needing to change the Exchange server name that all outlook clients refer to for their email, can I use this procedure to change it:
Exchange 2010: Outlook clients refusing to update to new CAS server
I really really hope somebody replies with "something" viable. I can't be the only person who's faced this and everything was just fine before the certificate renewal and the cert internal/external rule changed. I have about 60 demanding users and some just won't tolerate the popup at ALL.