Thanks Paul

Use the privately issued certs on your internal servers, including the external name on the internet-facing CA servers as well.

Then request a separate cert from the public CA for the external name(s) and bind that cert to your ISA Server listener.

Are there any comments you can provide on my situation? Greatly appreciated.

Thanks.

John

Thanks in Advance

Dan

Recently I installed a SAN certificate on my exchange server. On 1st eveything went fine, but on second server when I enabled the exchange certificate it gave me the below error

This certificate will not be used for external TLS connections with an FQDN of ‘mail1.X.X.COM’ because the self-signed certificate with thumbprint ‘AAA-THUMBPRINT-AAAAAAA’ takes precedence.

Now on second server I see a red mark on the certificate

I have all the names external and internal on the SA certificate.

Please could you let me know if this would create any problems on my exchange servers

I am create two dertificate in CAS and i need to remove please can help me to provide the step…

I have a strange predicament, I have inherited a domain with an internal name ending with .gov. External name is slightly different due to restrictions. Want to create a SAN with internal and external domain names as required, but cert authority informs I need to register my internal name as it is an external designation. Problem is the governing board for .gov names will not allow us to register it as it is not the format they allow – even thought it is for our internal use. Our AD is 2008R2 but too large for a domain rename (the thought makes me shutter) besides I think Exchange is one of the apps that is not compatible with it. My question is – can I have two cetificates assigned to my CAS array, The Commercial SSL for external users and an internal self signed certificate for my internal clients? Will Outlook autoconnect work properly?

Thanks in advance.

John