Hi,
I renewed our Exchange certificate today with GoDaddy. They are pushing a new policy of NOT allowing internal domains in certificates.
Our previous UCC certificate covered the following addresses:
webmail.domain.co.uk
autodiscover.domain.co.uk
exchange1.domain.local
This worked fine. When renewing today, I needed to drop 'exchange1.domain.local' from the UCC cert.
I thought I would create an internal certificate for Exchange1, authorised by my domain's CA, which I have done and distributed to all clients using group policy.
My UCC renewal with GoDaddy therefore only had webmail.domain.co.uk and autodiscover.domain.co.uk. When this cert was issued, I added it to IIS on Exchange1. I set the binding to https for this new certificate and tested by visiting webmail.domain.co.uk, which showed the new certificate.
However, shortly after, my internal clients then called complaining about certificate warnings in Outlook. I see that Outlook is connecting to exchange1.domain.local but being presented with the 'web' certificate I just renewed with GoDaddy. I understand Outlook communicates over HTTP/S now, so how do I overcome the problem I have and secure my internal server name (exchange1.domain.local) without using this name in the GoDaddy UCC cert?
Many thanks