I can’t say I’m 100% sure what you mean. The new SSL cert is a SAN cert with autodiscover.domain.com and webmail.domain.com assigned to it, no IPs. Old is nearly the same except it includes the .local domains.

From: [email protected] On Behalf Of Joseph L. Casale
Sent: Friday, September 04, 2015 1:06 PM
To: '[email protected]'
Subject: [Exchange] RE: Exchange 2010 and Cert's

Use a hostname *in* your SSL cert as the service locator host, not an IP. You post the SSL error but not the details, have a look at the details and see if this is your issue.

jlc

From: [email protected] On Behalf Of Doug Barrett
Sent: Friday, September 4, 2015 7:14 AM
To: [email protected]
Subject: [Exchange] RE: Exchange 2010 and Cert's

Oops - clarification on the internal IPs

From: [email protected] On Behalf Of Doug Barrett
Sent: Friday, September 04, 2015 8:05 AM
To: [email protected]
Subject: [Exchange] RE: Exchange 2010 and Cert's

Internal Outlook clients only. Clients are Outlook 2010, don’t have 2013 rolled out yet. OWA and mobile devices work fine.

Internal DNS:

.local domain:
A webmail.domain.local (internal CAS IP)
A <CASserver>.domain.local (internal CAS IP)
A <DBserver>.domain.local (internal DB IP)
SRV _autodiscover._tcp.domain.local (internal CAS IP, 443)

.com domain:
A webmail.domain.com (internal CAS IP)
A autodiscover.domain.com (internal CAS IP)
A <CASserver>.domain.com (internal CAS IP)
SRV _autodiscover._tcp.domain.local (internal CAS IP, 443)

From: [email protected] On Behalf Of Joseph L. Casale
Sent: Thursday, September 03, 2015 7:54 PM
To: '[email protected]'
Subject: [Exchange] RE: Exchange 2010 and Cert's

Internal or external clients, or both? You also don’t mention how your DNS is now set up.

From: [email protected] On Behalf Of Doug Barrett
Sent: Thursday, September 3, 2015 2:26 PM
To: [email protected]
Subject: [Exchange] Exchange 2010 and Cert's

Environment is Exchange 2010 SP3 UR10, single CAS and single DB server (2 physical servers), 2008 R2.

We’ve been fighting for a few weeks now trying to get away from our previous internal & external named SAN cert to the new standard external only, but have hit a roadblock. We’ve changed or verified all 6 (or is it 7, can’t remember) of the suggested settings (AutodiscoverServiceInternalUri, OABVirtualDirectory, WebServicesVirtualDirectory, etc.) – all now show the external .com domain listed. However, when switching to the new cert, users get the pop-up “name on the cert is invalid or does not match..”.

My question: when this was set up, a CAS array was never configured and the RpcClientAccessServer setting on the database is set to the internal .local name.

A) Should we configure an array as is recommended by MS,
B) Should the RpcClientAccessServer be the .com domain in the cert, and
C) Would A, B, or both plus an Outlook profile repair/recreate solve this issue?

Looking for any ideas.
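
Added example, not part of the thread or written by any of its participants: a small Python check of the point Joseph raises above, that every name a client is pointed at has to be a hostname present in the certificate, not an IP. The SAN list is the one described in the first message; the endpoint values, the address 192.0.2.10 (standing in for the internal CAS IP) and all function names are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# SAN list of the new certificate as described in the thread (no IPs, no .local names).
NEW_CERT_SANS = ["autodiscover.domain.com", "webmail.domain.com"]

# Constructed sample of names handed to clients; 192.0.2.10 is a placeholder IP.
SAMPLE_ENDPOINTS = {
    "AutodiscoverServiceInternalUri": "https://autodiscover.domain.com/Autodiscover/Autodiscover.xml",
    "WebServicesVirtualDirectory InternalUrl": "https://webmail.domain.com/EWS/Exchange.asmx",
    "SRV _autodiscover._tcp target": "192.0.2.10",
    "leftover internal name": "webmail.domain.local",
}

def host_of(value):
    """Accept a URL or a bare host and return the lower-cased host part."""
    host = urlsplit(value).hostname if "://" in value else value
    return (host or "").lower().rstrip(".")

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def san_matches(host, san):
    """Exact match, or a wildcard SAN covering exactly one left-most label."""
    san = san.lower().rstrip(".")
    if san.startswith("*."):
        head, _, rest = host.partition(".")
        return bool(head) and rest == san[2:]
    return host == san

def audit(cert_sans, endpoints):
    """Return (setting, host, reason) for every endpoint the cert cannot cover."""
    findings = []
    for setting, value in endpoints.items():
        host = host_of(value)
        if is_ip(host):
            findings.append((setting, host, "IP literal, cert has DNS-name SANs only"))
        elif not any(san_matches(host, s) for s in cert_sans):
            findings.append((setting, host, "hostname not in cert SAN list"))
    return findings

if __name__ == "__main__":
    for setting, host, reason in audit(NEW_CERT_SANS, SAMPLE_ENDPOINTS):
        print(f"{setting}: {host} -> {reason}")
```

Any setting the audit reports is one where a client would be connecting under a name the new certificate cannot present, which is the condition behind the name-mismatch pop-up.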
