Skip to main content

Exchange SSL Certs and DNS configurtion(s)

This article discusses how to deal with the fact that you can no longer get a 3rd party SSL Certificate for an internal domain.

The issue is that 3rd party Certs will not allow non-verifiable Certs after Oct 2016.  Essentially, that means that you should now configure your Exchange environment (2007/2010/2013) to not depend on Certs for internal names.

The solution is too simple.  Just configure your DNS server to implement a "Split-DNS-Horizon".
Note that this also works perfectly for auto-configuring your Outlook clients, regardless of whether they are connected internally or externally.

For this example, lets assume that your internal domain is domain.local, and that your email domain is domain.com

The easiest and simplest trick is to configure an entry in your internal DNS servers, to point autodiscover.domain.com to the internal IP address of your CAS server.

The best way to do this is to create a new DNS Zone with the name "autodiscover.domain.com", and then create an unnamed entry ("@") pointing to your internal CAS server(s). 


This way, it does not interfere with all of your existing DNS records for the "domain.com" zone, such as www, etc. 

So now, with this configuration, all that you need for a 3rd party SSL Cert is the "domain.com" name.  

Additional Reference:

Labels

Labels:

Comments

Post a Comment

Popular posts from this blog

"Blinky" TDOA RDF Detector

Our local Amateur Radio club is building a Radio Direction Finding TDOA (Time Difference of Arrival) detector that has LED's to indicate the direction (Left or right) of the fox.  Here are the build instructions.   (Note: this project was originally presented by NZ1J.  See his video:   https://www.youtube.com/watch?v=mNqUKYkifOo&t=68s   ) Here is the completed project: We start with the schematic:   Note that you either install PIN Diode pairs s D3 and D2, or Diodes pair D1 and D4.   The difference between these is the packaging.  If you are ok with Surface mount, then install D1/D4.  If you want discrete components use D3/D2. Next is the PCB.   The PCB can be ordered using the GRBR files available from the author.  The BOM for the electronic parts is as such: Doppler Direction Finder Bill of Materials   11/12/2021        Qty Part Digi-key Part Numbe...
5 comments
Read more

Radio Direction Finding - TDOA

This article describes a few projects that I built from plans for Amateur Radio Fox Hunting. Basically, the hobby/sport is for someone to hide a few low power "Foxes", which are small transmitters that beep or send Morse Code, and then have a bunch of HAM's try to find them. The first project that I built was a Yagi Antenna (Directional receiver) and a 4MHZ Offset Attenuator.  The attenuator is needed when you get close to the fox and you need to reduce the power of the received signal.  I struggled with this setup because, on my first 2 fox hunts, there was too much reflection and multi-path interference.  This causes false direction detection and if you are not mentally prepared for this, you want to throw all of your equipment into a garbage can and take up a different hobby.   There are some truly strange individuals who find this frustration fun and enjoy making other people suffer, but I will leave that discussion for another day.  Anyw...
Post a Comment
Read more

Powershell Tricks and Notes

How to expand parameterizedProperty Note if you issue the following command: Get-ADComputer -Filter * |Get-Member You will get the following result:   TypeName: Microsoft.ActiveDirectory.Management.ADComputer Name              MemberType            Definition ----              ----------            ---------- Contains          Method                bool Contains(string propertyName) Equals            Method                bool Equals(System.Object obj) GetEnumerator     Method...
Post a Comment
Read more