I don't know how many people have run into this yet, but the CA/BROSWER Forum, the "standards" authority for SSL issuing, has mandated that CA's can no longer issue a certificate using a FQDN "intranet" name for new or renewal SSL certificates effective
Nov 1, 2012. i.e. the Microsoft standard of mydomain.local will no longer be accepted as a SAN on a UCC for Exchange 2010. I've looked thru the KBs and Social forums, but haven't really found any guidance on how to solve this. I'm presuming
that the certs will have to be split and the "external" domain name of server.mydomain.net will just become a single server SSL, and the internal name of server.mydomain.local will become a Self-Signed certificate. With the increasing prevalence of OA
and ActiveSync devices, is there any baseline guidance yet on how to make this happen without completely fouling up production servers and killing access to the user community?
↧