SSL – Exchange SSL for Internal and External Access


I am going around in circles trying to configure Exchange / the domain to accept an SSL certificate without showing a security warning when launching Outlook.

**Configuration:**

- 2012 Domain Controller
- 2013 Exchange server (one)
- Outlook 2010

External FQDN to Exchange: `exchange.n****e.com`
Internal FQDN to Exchange: `exchangevault.lincoln.n****e.limited`

SSL cert purchased which covers:

- DNS Name=`exchange.n****e.com`
- DNS Name=`www.exchange.n****e.com`
- DNS Name=`AutoDiscover.n****e.com`
- DNS Name=`n****e.com`

I added the cert to the Trusted Root via GP.
I have altered the internal and external URLs in 2012 ECP to point to the external FQDN, `exchange.n****e.com`.

On the test Outlook client, Outlook configures itself without issue. On launch following configuration I get a security warning advising me that the certificate has an issue.

"the name on the security certificate is invalid or does not match the name of the site"

Indeed it doesn't; internally Outlook is referencing the internal FQDN but using the cert of the external FQDN.

I would like to just have the OS trust the cert (it is installed locally on the client via GP), but this security alert appears every time Outlook runs.
or
Use the external FQDN and for internal users I'll redirect to the internal IP of the Exchange server; however, doing this causes the mail server field to switch to the internal address, which then fails to allow me to open Outlook.
(Cannot open your default e-mail folders)

How can I operate Exchange internally and externally when the FQDNs are different without security warnings?

Best Answer

In this scenario, when changing the external and internal URLs from the ECP, you must restart the IIS worker process for ECP or the virtual directory you are changing; otherwise the change will not take effect.

Or just do an `iisreset` from PS.
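A read-only check to run after the restart, added here as an example and not part of the original answer: it lists every host name Exchange hands to Outlook and flags those missing from the IIS certificate. It goes beyond the ECP URLs to include the Autodiscover SCP and Outlook Anywhere names, and assumes the Exchange Management Shell and that the purchased certificate is the CA-issued one enabled for IIS.

```powershell
# Run in the Exchange Management Shell on the Exchange server (read-only).
# Assumption: the purchased certificate is the CA-issued one enabled for IIS.
$certNames = @(Get-ExchangeCertificate |
    Where-Object { $_.Services -match 'IIS' -and -not $_.IsSelfSigned } |
    ForEach-Object { $_.CertificateDomains } |
    ForEach-Object { "$_".ToLower() } | Sort-Object -Unique)

function Test-NameCovered([string]$HostName, [string[]]$Names) {
    foreach ($n in $Names) {
        if ($n -eq $HostName) { return $true }
        # A wildcard entry covers exactly one left-most label.
        if ($n.StartsWith('*.') -and $HostName.Contains('.') -and
            $HostName.Substring($HostName.IndexOf('.')) -eq $n.Substring(1)) { return $true }
    }
    return $false
}

# Collect every host name that Exchange publishes to Outlook.
$endpoints = @()
$vdirCmdlets = 'Get-OwaVirtualDirectory', 'Get-EcpVirtualDirectory',
               'Get-WebServicesVirtualDirectory', 'Get-OabVirtualDirectory',
               'Get-ActiveSyncVirtualDirectory'
foreach ($cmd in $vdirCmdlets) {
    foreach ($vd in @(& $cmd)) {
        foreach ($prop in 'InternalUrl', 'ExternalUrl') {
            if ($vd.$prop) {
                $endpoints += [pscustomobject]@{
                    Source = "$cmd $prop"; HostName = ([uri]"$($vd.$prop)").Host }
            }
        }
    }
}
# Autodiscover SCP URI handed to domain-joined Outlook clients.
foreach ($cas in @(Get-ClientAccessServer)) {
    if ($cas.AutoDiscoverServiceInternalUri) {
        $endpoints += [pscustomobject]@{ Source = 'Autodiscover SCP'
            HostName = ([uri]"$($cas.AutoDiscoverServiceInternalUri)").Host }
    }
}
# Outlook Anywhere (RPC over HTTP) host names.
foreach ($oa in @(Get-OutlookAnywhere)) {
    foreach ($prop in 'InternalHostname', 'ExternalHostname') {
        if ($oa.$prop) { $endpoints += [pscustomobject]@{ Source = "OutlookAnywhere $prop"; HostName = "$($oa.$prop)" } }
    }
}

$endpoints | Select-Object Source, HostName,
    @{ n = 'CoveredByCert'; e = { Test-NameCovered $_.HostName $certNames } } |
    Sort-Object CoveredByCert, HostName | Format-Table -AutoSize
```

Any row with `CoveredByCert` set to `False` is a name Outlook can be directed to that the certificate does not list, which is the condition behind the name-mismatch warning quoted in the question.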
