Thanks Michael On Mon, Jun 22, 2015 at 2:09 PM, Michael B. Smith <[email protected]> wrote:
> Elan does a pretty good job of covering the topic, although I don’t > necessarily agree with all of his comments about what is a best practice, > or not. > > > > http://www.shudnow.net/?s=autodiscoverinternaluri > > > > In short, if Exchange 2007 or 2010 (does not apply to 2013), and the SCP > points to an internal host, then Exchange and Outlook will use a > self-signed certificate. > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Candee > *Sent:* Monday, June 22, 2015 1:50 PM > *To:* [email protected] > *Subject:* Re: [Exchange] Fwd: Internal / external certs > > > > Thank you. > > I thought I was the only one who's head was going to asplode. > > > > > > On Mon, Jun 22, 2015 at 1:43 PM, Doug Barrett <[email protected]> > wrote: > > This is interesting. Please clarify, so if the internal Exchange hostname > (Exchange 2010) is referenced as *mail.domain.local*, and we install a 3rd > party cert on the server for the external hostname *extmail.domain.com > <http://extmail.domain.com>*, again assuming both names are pointing to > the same server, Outlook would know this and not have issues? Or am I > reading that incorrectly? > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Michael B. Smith > *Sent:* Monday, June 22, 2015 12:18 PM > *To:* [email protected] > *Subject:* RE: [Exchange] Fwd: Internal / external certs > > > > Whoa. Hold on. > > > > Outlook “knows” when it is connecting to an internal address via an > external address. For internal addresses, Outlook will use a self-signed > cert. It’s only external connections that need a third-party cert. > > > > That being said, I prefer split-brain DNS. > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *Steve Ens > *Sent:* Monday, June 22, 2015 1:11 PM > *To:* Micheal Espinola Jr > *Subject:* RE: [Exchange] Fwd: Internal / external certs > > > > Plus one. > > On Jun 22, 2015 11:40 AM, "Richard Stovall (RDI)" < > [email protected]> wrote: > > Split brain DNS, as much as Ben hates it, may be your answer here. > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Candee > *Sent:* Monday, June 22, 2015 12:21 PM > *To:* [email protected] > *Subject:* [Exchange] Fwd: Internal / external certs > > > > Hi everyone. > > I am updating our Exchange certificates, and we can no longer use our > internal .local. > > There are no plans to change our AD; so I'm trying to find the best way to > do this. > > > > If I just point our internal EWS, etc, to the external URL, is that going > to work? > > I found a few posts that say yes; but a few that say that Outlook Anywhere > will stop working. > > > > Anyone have any experience with this one? > > Hints? > > > > Thanks!! > > Candee > > > > >
