05-15-2014 06:03 AM
Hi,
After the new SAN certificate authority rules,
we couldn't add local names to the SAN.
For example, we couldn't add company.domain.local (we can just add company.domain.com).
So we will have a problem on port 443 in external OWA.
What are your ideas for this?
Thanks...
05-15-2014 06:04 AM
Also, when the old SAN certificates expire, they will cause problems...
05-15-2014 06:16 PM
05-16-2014 03:01 AM
Yes, this is a certificate issue, but Enterprise Vault is directly affected by this issue. Also, Enterprise Vault has a white paper for 10.03 on using an SSL certificate. This may be updated...
05-16-2014 07:25 AM
KG, yes, come to think of it - it does have a technote of best practice somewhere regarding Exchange 2013 OMA.
Enterprise Vault 10.0.3 and later: Requesting and Applying an SSL Certificate
http://www.symantec.com/business/support/index?page=content&id=HOWTO83452
Ideas to work around this? Here are a few:
- Well, you can use internal certs for your internal server and use an application firewall/proxy/gateway (TMG/F5) to do the link translation to your internal domain.
i.e. https://mail.externaldomain.com/enterprisevault (using ext cert) -> https://evserver.domain.local/enterprisevault (using int cert)
Obviously internally you will have to ensure the internal certs are automatically enrolled via AD GPOs
- Split Brain DNS - i.e. you create a DNS record for your external domain internally
i.e. mail.externaldomain.com -> private ip and evserver.externaldomain.com -> private ip
It's a bit tricky but this will allow your external certs to resolve and work internally.
http://exchange2010admin.blogspot.com.au/2013/10/exchange-configuration-with-split-brain.html
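A way to check a split-brain DNS plan like the one described above before relying on it, added here as an example and not part of the original reply. The SAN list, host names and addresses are constructed sample values, and `san_matches` and `audit` are hypothetical helper names.

```python
import ipaddress

# Constructed sample data (assumptions, not values from the poster's environment).
CERT_SANS = ["mail.externaldomain.com", "*.apps.externaldomain.com"]
INTERNAL_DNS = {  # answers the internal zone would give under split-brain DNS
    "mail.externaldomain.com": "10.0.0.25",
    "evserver.externaldomain.com": "10.0.0.40",
    "evserver.domain.local": "10.0.0.40",
}

def san_matches(hostname, san):
    """RFC 6125-style match: a wildcard covers exactly one left-most label."""
    host, san = hostname.lower().rstrip("."), san.lower().rstrip(".")
    if san.startswith("*."):
        labels = host.split(".", 1)
        return len(labels) == 2 and labels[1] == san[2:]
    return host == san

def audit(names, sans, dns):
    """Return {name: [problems]} for each name clients will browse to internally."""
    report = {}
    for name in names:
        problems = []
        if not any(san_matches(name, s) for s in sans):
            problems.append("not covered by certificate SAN")
        addr = dns.get(name)
        if addr is None:
            problems.append("no internal DNS record")
        elif not ipaddress.ip_address(addr).is_private:
            problems.append("resolves to a public address internally")
        report[name] = problems
    return report

if __name__ == "__main__":
    for name, problems in audit(list(INTERNAL_DNS), CERT_SANS, INTERNAL_DNS).items():
        print(f"{name}: {'OK' if not problems else '; '.join(problems)}")
```

Any name reported as not covered would still raise a certificate warning internally, so it needs either a SAN entry on the external certificate or an internally issued certificate.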
05-16-2014 12:25 PM
Updating the computer entry to domain.com in SQL, then adding the internal IP of the DNS alias to the hosts file on the evserver, solves the problem.
thanks...
05-16-2014 02:50 PM
05-17-2014 04:00 AM
Yes, EV may create a new whitepaper for this issue; most people will experience this problem in the future...