Should SSL Certificate Hostname=FQDN if MX record is different?

Hi, if I have MX records for "webmail.domain.com" but my Exchange host has a 
FQDN of "mail2.domain.com", will I have a problem with the certificate name 
not matching the address of the server and failing the SSL certificate 
authorization?

Or would it be best if I add a new MX record using the FQDN and have users 
connect to that?


Thank you,

Will 


7/26/2006 12:02:52 PM

Hi,

The certificate name must be the name that the users use when connecting 
from the internet. This name has nothing to do with the internal fqdn of the 
server and the MX record.

Leif

"Will Niccolls" <willniccolls@hotmail.com> wrote in message 
news:OWEywtKsGHA.4468@TK2MSFTNGP02.phx.gbl...
> Hi, if I have MX records for "webmail.domain.com" but my Exchange host has 
> a FQDN of "mail2.domain.com", will I have a problem with the certificate 
> name not matching the address of the server and failing the SSL 
> certificate authorization?
>
> Or would it be best if I add a new MX record using the FQDN and have users 
> connect to that?
>
>
> Thank you,
>
> Will
> 


7/26/2006 1:04:18 PM
In other words, it should match an A record that exists in external DNS :-)

If webmail.domain.com exists as an A record, and you want clients to access 
OWA by using that FQDN, then your certificate needs to have that name, 
otherwise you will receive a warning about the name not matching.

-- 
Ben Winzenz
Exchange MVP
MessageOne
Read my blog!
http://winzenz.blogspot.com
http://feeds.feedburner.com/winzenz (RSS Feed)


"Leif Pedersen [MVP]" <Leif.pedersenNO-SPAM@get2net.dk> wrote in message 
news:OSb2AQLsGHA.4956@TK2MSFTNGP02.phx.gbl...
> Hi,
>
> The certificate name must be the name that the users use when connecting 
> from the internet. This name has nothing to do with the internal fqdn of 
> the server and the MX record.
>
> Leif


Ben
7/26/2006 2:36:15 PM
Excellent, this confirms my thoughts, thank you both.

One more question if you please:  if the cert name is "outlook.domain.com", 
and that address gets redirected via IIS to  "https://fqdn.domain.com" will 
they still get a name mismatch error?

Thanks,

Will


"Ben Winzenz [Exchange MVP]" <ben_winzenz@nospamdotmessageonedotcom> wrote 
in message news:OKLqWDMsGHA.5056@TK2MSFTNGP06.phx.gbl...
> In other words, it should match an A record that exists in external DNS 
> :-)
>
> If webmail.domain.com exists as an A record, and you want clients to 
> access OWA by using that FQDN, then your certificate needs to have that 
> name, otherwise you will receive a warning about the name not matching.
>
> -- 
> Ben Winzenz
> Exchange MVP
> MessageOne
> Read my blog!
> http://winzenz.blogspot.com
> http://feeds.feedburner.com/winzenz (RSS Feed)


7/26/2006 11:41:10 PM
No - it shouldn't.  As long as the certificate says outlook.domain.com, and
you type in https://outlook.domain.com into your browser, you shouldn't get
a certificate warning.

-- 
Ben Winzenz
Exchange MVP
MessageOne
Read my blog!
http://winzenz.blogspot.com
http://feeds.feedburner.com/winzenz (RSS Feed)


"Will Niccolls" <willniccolls@hotmail.com> wrote in message
news:%23fQj%23zQsGHA.4444@TK2MSFTNGP06.phx.gbl...
> Excellent, this confirms my thoughts, thank you both.
>
> One more question if you please:  if the cert name is
> "outlook.domain.com", and that address gets redirected via IIS to
> "https://fqdn.domain.com" will they still get a name mismatch error?
>
> Thanks,
>
> Will





Ben
7/27/2006 3:40:54 AM
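
Added example (not part of the original thread): a simplified Python sketch of the name check a browser performs on each HTTPS connection, using the host names from the thread. The matching rules are a reduced form of RFC 6125 (exact match or a single left-most wildcard label); the certificate contents and the assumption that the redirect target presents the same certificate are constructed for illustration.

```python
# Added example: simplified certificate name check, not a full validator.
# It ignores chain building, expiry and revocation and looks only at names.

def name_matches(pattern: str, hostname: str) -> bool:
    """Compare one DNS name from the certificate with the host the client asked for."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    # A wildcard is honoured only as the entire left-most label,
    # and never directly under a top-level domain ("*.com").
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def cert_covers(cert_names, hostname) -> bool:
    """True if any name in the certificate matches the requested host."""
    return any(name_matches(n, hostname) for n in cert_names)


def mismatches(hosts, served):
    """Hosts in a redirect chain whose presented certificate does not cover them.

    hosts  : host names the browser connects to, in order (typed URL first)
    served : host name -> list of DNS names in the certificate presented there
    """
    return [h for h in hosts if not cert_covers(served[h], h)]


# Constructed data. The MX target (webmail.domain.com) and the server's
# internal FQDN (mail2.domain.com) never enter the check: only the name in
# the URL and the names in the presented certificate are compared.
SINGLE_NAME = {
    "outlook.domain.com": ["outlook.domain.com"],
    # Assumption: the redirect target presents the same single-name cert.
    "fqdn.domain.com": ["outlook.domain.com"],
}
BOTH_NAMES = {
    "outlook.domain.com": ["outlook.domain.com", "fqdn.domain.com"],
    "fqdn.domain.com": ["outlook.domain.com", "fqdn.domain.com"],
}

REDIRECT_CHAIN = ["outlook.domain.com", "fqdn.domain.com"]

if __name__ == "__main__":
    print("typed name only :", mismatches(["outlook.domain.com"], SINGLE_NAME))
    print("after redirect  :", mismatches(REDIRECT_CHAIN, SINGLE_NAME))
    print("cert with both  :", mismatches(REDIRECT_CHAIN, BOTH_NAMES))
```

The check is repeated for every connection, so a redirect to another host name is evaluated against whatever certificate that host presents.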