After the new SAN certificate authority rules,
we couldn't add local names to the SAN.
For example, we couldn't add company.domain.local (we can only add company.domain.com),
so we will have a problem on port 443 in external OWA.
What are your ideas for this?
Yes, this is a certificate issue, but Enterprise Vault is directly affected by this issue. Also, Enterprise Vault has a white paper for 10.03 on using an SSL certificate. This may be updated.
KG, yes, come to think of it, it does have a technote of best practice somewhere regarding Exchange 2013 OMA.
Enterprise Vault 10.0.3 and later: Requesting and Applying an SSL Certificate
Ideas to work around this? Here are a few:
- Well, you can use internal certs for your internal server and use an application firewall/proxy/gateway (TMG/F5) to do the link translation to your internal domain.
i.e. https://mail.externaldomain.com/enterprisevault (using ext cert) -> https://evserver.domain.local/enterprisevault (using int cert)
Obviously, internally you will have to ensure the internal certs are automatically enrolled via AD GPOs.
- Split Brain DNS - i.e. you create a DNS record for your external domain internally
i.e. mail.externaldomain.com -> private ip and evserver.externaldomain.com -> private ip
It's a bit tricky but this will allow your external certs to resolve and work internally.
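A pre-flight check for the split-brain DNS approach described above, as an added example that is not part of the original thread: it flags planned SAN entries a public CA will refuse and public names that have no private-address record in the internal zone. The suffix list is a heuristic assumption, and the IP addresses and the `PLANNED_SANS` / `INTERNAL_DNS` data are constructed around the host names used in the thread.

```python
import ipaddress

# Heuristic subset of suffixes that are not public TLDs (assumption, not the IANA list).
NON_PUBLIC_SUFFIXES = {"local", "localhost", "internal", "lan", "corp",
                       "home", "test", "invalid", "example"}

def san_problem(name):
    """Return why a public CA would refuse this SAN entry, or None if it looks issuable."""
    try:
        ip = ipaddress.ip_address(name)
    except ValueError:
        ip = None
    if ip is not None:
        return None if ip.is_global else "reserved IP address"
    labels = name.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return "single-label (NetBIOS-style) name"
    if labels[-1] in NON_PUBLIC_SUFFIXES:
        return "non-public suffix ." + labels[-1]
    return None

def audit_split_dns(cert_sans, internal_dns):
    """Every SAN must be issuable and must resolve to a private address internally."""
    findings = []
    for name in cert_sans:
        reason = san_problem(name)
        if reason:
            findings.append((name, "not issuable: " + reason))
            continue
        addr = internal_dns.get(name.lower())
        if addr is None:
            findings.append((name, "no internal DNS record"))
        elif not ipaddress.ip_address(addr).is_private:
            findings.append((name, "internal record points outside: " + addr))
    return findings

# Constructed sample data: names from the thread, made-up private addresses.
PLANNED_SANS = ["mail.externaldomain.com", "evserver.externaldomain.com",
                "evserver.domain.local"]
INTERNAL_DNS = {"mail.externaldomain.com": "10.0.0.10"}

if __name__ == "__main__":
    for name, issue in audit_split_dns(PLANNED_SANS, INTERNAL_DNS):
        print(f"{name}: {issue}")
```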