Iis – Exchange 2013 with two wildcard certificates for services

Tags: exchange, exchange-2013, iis, ssl-certificate

We have an Exchange Server with two different DNS names pointing to the same server, the internal and the external name. Something like this:

exchange.domain.com [External Domain]
exchange1.local.domain.com [Internal Domain]

So there are two wildcard certificates for those domains: *.local.domain.com and *.domain.com.

The problem happens when users come to the Exchange Server through the internal domain name. Since I was only able to use the *.domain.com certificate for IIS, I cannot match the internal certificate from clients coming with the internal DNS name.

The question is basically how to match the DNS domain name with the corresponding certificate? Since we can't reissue those certificates to have different SANs, this isn't an option.

Thanks in advance.

Best Answer

If you have not imported your certificate into Exchange, then you will need to open up the EMC, click Server Configuration, then on your server right-click and choose "Import Exchange Certificate".

You can upload multiple Certificates using this method, which will allow your server to choose the correct Cert based on whether your traffic is requesting the local or public address.

Then you will need to be sure your Hub transport/Client Access configurations (etc) are set to use the right URLs matching your SSL Certs.

You will see your choice of certificate(s) reflected in the IIS Default Web Site.

But keep in mind that to change it you cannot use IIS alone; instead, use the method above. If you do change it accidentally from within IIS, your server will stop responding to connections, as it will have mismatched certificates in IIS/EMC.
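An added check for the step of making the Client Access URLs match the certificates (example code, not part of the answer above): it lists every hostname the server advertises and reports which IIS-enabled certificate covers it, treating a wildcard as covering exactly one label. It assumes it is run from the Exchange Management Shell on the Client Access server itself; the function name and the output format are this example's own, the cmdlets are standard Exchange ones.

```powershell
function Test-HostCoveredByCert {
    param([string]$HostName, [string[]]$CertDomains)
    foreach ($d in $CertDomains) {
        if ($d -ieq $HostName) { return $true }
        # A wildcard entry (*.domain.com) covers exactly one extra label, so
        # exchange.domain.com matches but host.sub.domain.com does not.
        if ($d.StartsWith('*.')) {
            $suffix = $d.Substring(1)   # ".domain.com"
            if ($HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
                $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                if ($label -and $label -notmatch '\.') { return $true }
            }
        }
    }
    return $false
}
$server = $env:COMPUTERNAME   # assumed: the script runs on the Exchange server itself

# Only certificates enabled for IIS and not yet expired can be presented for HTTPS.
$iisCerts = Get-ExchangeCertificate -Server $server |
    Where-Object { ($_.Services -match 'IIS') -and ($_.NotAfter -gt (Get-Date)) }

# Collect every internal and external hostname the client protocols advertise.
$vdirs = @(
    Get-OwaVirtualDirectory -Server $server
    Get-EcpVirtualDirectory -Server $server
    Get-ActiveSyncVirtualDirectory -Server $server
    Get-WebServicesVirtualDirectory -Server $server
    Get-OabVirtualDirectory -Server $server
)
$hosts = @()
foreach ($vd in $vdirs) {
    foreach ($u in @($vd.InternalUrl, $vd.ExternalUrl)) {
        if ($u) { $hosts += [pscustomobject]@{ Source = $vd.Name; Host = ([uri]"$u").Host } }
    }
}
$oa = Get-OutlookAnywhere -Server $server
foreach ($h in @($oa.InternalHostname, $oa.ExternalHostname)) {
    if ($h) { $hosts += [pscustomobject]@{ Source = 'OutlookAnywhere'; Host = "$h" } }
}
$ad = (Get-ClientAccessServer $server).AutoDiscoverServiceInternalUri
if ($ad) { $hosts += [pscustomobject]@{ Source = 'Autodiscover'; Host = ([uri]"$ad").Host } }

# Report each hostname with the thumbprint of an IIS-enabled certificate covering it.
foreach ($entry in ($hosts | Sort-Object Host -Unique)) {
    $match = $iisCerts | Where-Object { Test-HostCoveredByCert $entry.Host $_.CertificateDomains } |
        Select-Object -First 1
    if ($match) { '{0,-32} OK        {1}' -f $entry.Host, $match.Thumbprint }
    else        { '{0,-32} MISMATCH  no IIS-enabled certificate covers this name' -f $entry.Host }
}
```

A name reported as MISMATCH is one that clients will connect to with a certificate-name warning, so it is the URL to fix (or the certificate to import) before touching the IIS bindings.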