Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Certificate issues

Status
Not open for further replies.
MasterRacker

MasterRacker

New member
Oct 13, 1999
3,343
US
We are just beginning our upgrade to Exchange 2010. We've found there are issues with Outlook 2010 unless we install the proper certificates into Exchange. Our internal domain is ".int" and we've found we can't get a UCC certificate for that since .int is a valid TLD.

Renaming the domain will probably suck and it looks like we also have to scrap our test Exchange 2010 server since MS says rename won't work on that at all.

My question is: if we can't get a UCC cert now for .int, what happens in the future for certs for internal domains after ICANN allows ".anything?"

Just looking for insight to help us decide which direction to go today.

Jeff
[small][purple]It's never too early to begin preparing for [/purple]International Talk Like a Pirate Day
"The software I buy sucks, The software I write sucks. It's time to give up and have a beer..." - Me[/small]
 
Sort by date Sort by votes
Or a second question would be since we can't get a public certificate for our internal domain, what are our options?

Jeff
[small][purple]It's never too early to begin preparing for [/purple]International Talk Like a Pirate Day
"The software I buy sucks, The software I write sucks. It's time to give up and have a beer..." - Me[/small]
 
Upvote 0 Downvote
Internal domain names don't need to be in your certs. The most often used method is to use what's called split brain DNS. So, internally, you have a forward lookup zone for your EXTERNAL domain name. That way, when you want to go to say, mail.domain.com for your OWA page, it resolves to an internal IP address when inside the environment, and an outside IP when outside the environment.

I never include internal names in my certs.

Stop by the new Tek-Tips group at LinkedIn. Come say hi, look for a job, have some fun.
Pat Richard MVP
 
Upvote 0 Downvote
We already use split brain DNS - OWA is fine - it's Outlook 2010 with Exchange 2010 that has the problem.

As I understand it, with Exchange 2007 and 2010, Outlook itself uses the internal domain and needs a cert. Outlook 2010 at least.

Jeff
[small][purple]It's never too early to begin preparing for [/purple]International Talk Like a Pirate Day
"The software I buy sucks, The software I write sucks. It's time to give up and have a beer..." - Me[/small]
 
Upvote 0 Downvote
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

stanlyn
  • Locked
  • Question
How to do Certificates on MultiDomain Exchange with Least Cost
Replies
1
Views
1K
Wesaf
Wesaf
Zepfanman
  • Locked
  • Question
New sha256RSA certificate causing Outlook security popups
Replies
1
Views
89
ShackDaddy
ShackDaddy
jewart17
  • Locked
  • Question
IMAP issues in Outlook 2007
Replies
0
Views
56
jewart17
jewart17
disturbedone
  • Locked
  • Question
Certificate changes - no internal names
Replies
3
Views
77
ShackDaddy
ShackDaddy
supdude
  • Locked
  • Question
Microsoft ActiveSync Client Certificate Settings
Replies
1
Views
70
supdude
supdude

Part and Inventory Search

Sponsor

Back
Top