Hi,
I'm running a 2 site Exchange 2010 environment with a barracuda spam filter that receives and sends all agency email. IP addresses 10.0.0.x and 10.1.0.x
I usually obtain a Multiple Name (SAN) certificate with the following:
Autodiscover.xxx.net, Mail.xxx.net, servername.xxx.local, servername2.xxx.local
Recent changes to the governing authority says that starting nov 1, 2015 you can no longer get a SAN SSL with your internal servername on it if its different domain wise from your external domain.
For example servername.xxx.local vs public name mail.xxx.net
Where i'm stuck now is how to address this change. I did simply get a 2yr SAN that'll carry me until january 2015. After that i have to come up with a fix.
I'm looking for some official guidance from MS on how to reconfigure to address the changes.
Domain reconfig from .local to public.net? vs self signed internal certificate.
Verisign has always advised me that I MUST have the internal mail server's FQDN on the certificate we use for external webmail. Now i'm not so sure of this guidance.
Any experience with this issue or guidance would be appreciated.
Thanks
