Exchange 2007 certificate change problems
Hi,
We're using Exchange 2007 SP3, update roll up 6.
My old SAN certificate expired and I didn't bother to renew as I had a new wildcard certificate on our TMG2010 that I exported and used on the Exchange server. This works fine externally however it has caused issues with internal clients getting a security
warning saying the certificate isn't trusted.
We publish our Exchange server via DNS but we have split DNS so that internal clients don't have to go re-authenticate their credentials when opening e-mail.
They simply browse to https://server/owa and it takes them straight into OWA.
The SAN certificate had just the server name whereas the wildcard needs the domain name as part of the URL.
What's the easiest way to change the internal URL to the FQDN
https://server.domain/owa as I want to be able to browse to
https://server.domain/owa without having to re-type in user credentials that I've just logged onto the PC with.
Thanks in advance
April 30th, 2012 5:55pm
You have two problems, not one.
The DNS domain you use for your websites have nothing to do with whether users have to authenticate. What matters is the authentication method accepted by the service, which in this case is Windows Authentication.
Your second problem is that you have a wildcard certificate that doesn't match the NetBIOS name of the computer. I don't have a real good answer for how you'd redirect http(s)://server/owa to
https://server.domain/owa. You could put in a redirect for your default web site that would redirect http(s)://server to
https://server.domain/owa, though.Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
Free Windows Admin Tool Kit Click here and download it now
April 30th, 2012 7:17pm
Hello,
Or you can re-new a SAN certificate as for a recommended solution.
Thanks,
Simon
May 1st, 2012 11:16pm