Skip to main content

Exchange SSL Certs and DNS configurtion(s)

This article discusses how to deal with the fact that you can no longer get a 3rd party SSL Certificate for an internal domain.

The issue is that 3rd party Certs will not allow non-verifiable Certs after Oct 2016.  Essentially, that means that you should now configure your Exchange environment (2007/2010/2013) to not depend on Certs for internal names.

The solution is too simple.  Just configure your DNS server to implement a "Split-DNS-Horizon".
Note that this also works perfectly for auto-configuring your Outlook clients, regardless of whether they are connected internally or externally.

For this example, lets assume that your internal domain is domain.local, and that your email domain is domain.com

The easiest and simplest trick is to configure an entry in your internal DNS servers, to point autodiscover.domain.com to the internal IP address of your CAS server.

The best way to do this is to create a new DNS Zone with the name "autodiscover.domain.com", and then create an unnamed entry ("@") pointing to your internal CAS server(s). 


This way, it does not interfere with all of your existing DNS records for the "domain.com" zone, such as www, etc. 

So now, with this configuration, all that you need for a 3rd party SSL Cert is the "domain.com" name.  

Additional Reference:
Labels:

Comments

Post a Comment

Popular posts from this blog

"Blinky" TDOA RDF Detector

Our local Amateur Radio club is building a Radio Direction Finding TDOA (Time Difference of Arrival) detector that has LED's to indicate the direction (Left or right) of the fox.  Here are the build instructions.   (Note: this project was originally presented by NZ1J.  See his video:   https://www.youtube.com/watch?v=mNqUKYkifOo&t=68s   ) Here is the completed project: We start with the schematic:   Note that you either install PIN Diode pairs s D3 and D2, or Diodes pair D1 and D4.   The difference between these is the packaging.  If you are ok with Surface mount, then install D1/D4.  If you want discrete components use D3/D2. Next is the PCB.   The PCB can be ordered using the GRBR files available from the author.  The BOM for the electronic parts is as such: Doppler Direction Finder Bill of Materials   11/12/2021        Qty Part Digi-key Part Numbe...
5 comments
Read more

Radio Direction Finding - TDOA

This article describes a few projects that I built from plans for Amateur Radio Fox Hunting. Basically, the hobby/sport is for someone to hide a few low power "Foxes", which are small transmitters that beep or send Morse Code, and then have a bunch of HAM's try to find them. The first project that I built was a Yagi Antenna (Directional receiver) and a 4MHZ Offset Attenuator.  The attenuator is needed when you get close to the fox and you need to reduce the power of the received signal.  I struggled with this setup because, on my first 2 fox hunts, there was too much reflection and multi-path interference.  This causes false direction detection and if you are not mentally prepared for this, you want to throw all of your equipment into a garbage can and take up a different hobby.   There are some truly strange individuals who find this frustration fun and enjoy making other people suffer, but I will leave that discussion for another day.  Anyw...
Post a Comment
Read more

Repetier host "Exception during socket read:Too many items in the combo box" - Solved!

I purchased a new BoXZY (3D printer, laser and CNC Mill) and have been pretty pleased so far. See https://boxzy.com/ One little issue though is that I have been trying to configure it so that I can 3D print from my laptop without having to connect a USB cable to the printer. The layout in my office is not convenient for the cable to span across the room.  Also, when I start using it for CNC Milling, I do not want to necessarily have my laptop too close to the router making all the dust.  My first attempts to install Repetier Server on various platforms was less than successful. I found that I often would get the error message "Exception during socket read:Too many items in the combo box" when I connected the application to whatever server that I configured. What confused me is that it would work perfectly on one of several computers,. but I could not find a root cause. In addition, I received a Smart Controller (Beta) from BoXZY which came with Windows 10 H...
1 comment
Read more