0

I really need some help configuring Exchange 2013 and SSL.

I purchased an SSL cert for my external domain - remote.company.com - and this works fine, as I have added the certificate and applied it to IIS.

However, Outlook seems to use IIS too, and now none of the Outlook clients are happy because the SSL cert does not match the local domain svr.comp.local

Depending on which SSL cert I pick, one or the other seems to work fine, but how can I get it to work on both? A SAN SSL cert is not an option, because .local names are not being supported beyond Oct 2015 (says ssl247.co.uk).

Is there a way to separate Outlook internally from Outlook Web Access?

Thanks in advance.

Simon

1 Answer

0

What you should implement in your environment is called split-DNS, and you should get a SAN cert for the server. You should create an internal DNS zone, the same as the external one for your domain. The SAN cert should include at least the following names: autodiscover.domain.com and remote.domain.com, since it seems that you need it. I would suggest adding www.domain.com and domain.com as well. As soon as you have the cert ready and the DNS zone created, you should run the commands outlined here to configure the settings for the connectivity of your users.

In order to make all the DNS entries correct, make sure to copy all the A and CNAME records from the external zone to the internal one that you'll create.

Vick Vega
  • Thanks for the reply - are there any thoughts on the .local aspect, and SAN not supporting .local come October? – Simon Aug 06 '15 at 08:54
  • .local and similar domains on the SAN have not been supported for quite a while now. I suggest you not waste your time looking at how to put the internal domains on the cert (as there will not be an easy solution), but check on how to configure the environment with the correct certificate. If you really, really want, you can implement what you're looking for using internal PKI, however I'll not recommend that. – Vick Vega Aug 06 '15 at 15:24
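
An added example, not part of the original thread and not the commands the answer links to: with split-DNS in place, the internal URLs that Exchange hands to Outlook can be audited against the names on the IIS certificate and then pointed at the public names, so that internal clients stop connecting to svr.comp.local. The server name `SVR` is an assumption, the host names are the ones used in the answer, and the comparison is by exact name (wildcard entries are not expanded).

```powershell
# Added example: run in the Exchange Management Shell on the Exchange 2013 server.
# Assumed names: server 'SVR'; public host names taken from the answer above.
$server           = 'SVR'
$owaHost          = 'remote.domain.com'
$autodiscoverHost = 'autodiscover.domain.com'

# Names on the newest unexpired certificate currently enabled for IIS.
$cert = Get-ExchangeCertificate -Server $server |
    Where-Object { "$($_.Services)" -match 'IIS' -and $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
$certNames = @($cert.CertificateDomains | ForEach-Object { "$_".ToLower() })

# Virtual directories whose InternalUrl is handed to internal clients.
$paths = [ordered]@{
    OwaVirtualDirectory         = '/owa'
    EcpVirtualDirectory         = '/ecp'
    WebServicesVirtualDirectory = '/EWS/Exchange.asmx'
    OabVirtualDirectory         = '/OAB'
    ActiveSyncVirtualDirectory  = '/Microsoft-Server-ActiveSync'
}

# Audit: any internal host that is not on the certificate causes a name-mismatch warning.
foreach ($noun in $paths.Keys) {
    foreach ($v in & "Get-$noun" -Server $server) {
        $h = if ($v.InternalUrl) { ([uri]"$($v.InternalUrl)").Host.ToLower() } else { '(not set)' }
        '{0,-45} {1,-25} on cert: {2}' -f $v.Identity, $h, ($certNames -contains $h)
    }
}
Get-ClientAccessServer -Identity $server | Format-List Name, AutoDiscoverServiceInternalUri
Get-OutlookAnywhere -Server $server | Format-List Identity, InternalHostname, ExternalHostname

# Point the internal settings at the public names. -WhatIf only previews each change;
# remove it once the internal DNS zone resolves these names to the server.
foreach ($noun in $paths.Keys) {
    & "Get-$noun" -Server $server |
        & "Set-$noun" -InternalUrl "https://$owaHost$($paths[$noun])" -WhatIf
}
Set-ClientAccessServer -Identity $server `
    -AutoDiscoverServiceInternalUri "https://$autodiscoverHost/Autodiscover/Autodiscover.xml" -WhatIf
Get-OutlookAnywhere -Server $server |
    Set-OutlookAnywhere -InternalHostname $owaHost -InternalClientsRequireSsl $true -WhatIf
```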