1

I've got an interesting one...

My users have always typed in 'mail' to get to their mail. There was an internal DNS A record that resolved that to the IP of the mail server.

I'm putting in an Exchange server to replace that. In order for people to get their mail, I try putting in an A record that does the same thing as the previous one. When I try to get to OWA, it tells me that the certificate on the server is not trusted. I only have the names:

  • mail.mydomain.com
  • autodiscover.mydomain.com
  • autodiscover.mydomain.internal
  • mydomain.internal
  • mailserver.mydomain.internal

so when the browser sees that this cert is trying to cover https://mail/owa it says the cert's not trusted.

What am I supposed to do about that?

blsub6

2 Answers

1

I am going to assume that the majority of the users that are going to type the short name into an address bar are not going to be typing https://mail; instead they will just be entering an address of mail and hitting enter.

If that is the case then there may be an answer for you with host headers (name-based virtual hosts).

So on your primary site you would set all the FQDN names including

  • mail.mydomain.com
  • autodiscover.mydomain.com
  • autodiscover.mydomain.internal
  • mydomain.internal
  • mailserver.mydomain.internal

Then set up an additional site in IIS that includes any short names (mail, mailserver), and set up a redirect on that site to an appropriate FQDN for your server.

http://technet.microsoft.com/en-us/library/cc753195(WS.10).aspx

There is a feature called name

Zoredache
0

I like Zoredache's solution best, but if you don't want to redirect users, the only other option is to add "mail" as a Subject Alternative Name in the certificate so you don't get an error when accessing the server with that name.

Robert
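The name check behind the warning in the question, and the effect of both answers, as an added example that is not part of the original posts: it compares names a client might use against the certificate's SAN entries using exact and left-most-wildcard matching. The SAN list is copied from the question; the list of typed names and the function names are assumptions made for illustration.

```python
# Added example: which names does the certificate from the question cover?
# A browser compares the host in the URL (not what DNS resolves it to)
# against the certificate's SAN dNSName entries.

# SAN list copied from the question.
CERT_SANS = [
    "mail.mydomain.com",
    "autodiscover.mydomain.com",
    "autodiscover.mydomain.internal",
    "mydomain.internal",
    "mailserver.mydomain.internal",
]

def san_matches(hostname, san):
    """True if one SAN dNSName entry covers the hostname."""
    host_labels = hostname.lower().rstrip(".").split(".")
    san_labels = san.lower().rstrip(".").split(".")
    if len(host_labels) != len(san_labels):
        return False  # a wildcard stands for exactly one label
    if san_labels[0] == "*":
        # Wildcard only in the left-most label, and never a bare "*".
        return len(san_labels) > 1 and host_labels[1:] == san_labels[1:]
    return host_labels == san_labels

def covered(hostname, sans=CERT_SANS):
    """True if any SAN entry covers the hostname."""
    return any(san_matches(hostname, s) for s in sans)

def audit(typed_names, sans=CERT_SANS):
    """Map each name a client might use to 'ok' or 'name mismatch'."""
    return {n: "ok" if covered(n, sans) else "name mismatch"
            for n in typed_names}

if __name__ == "__main__":
    # Constructed list of names users or redirects might use.
    names = ["mail", "mailserver", "mail.mydomain.com",
             "mail.mydomain.internal", "mailserver.mydomain.internal"]
    for name, result in audit(names).items():
        print(f"{name:32} {result}")
    # Second answer: the same certificate reissued with "mail" as a SAN.
    print(audit(["mail"], CERT_SANS + ["mail"]))
```

Note that mail.mydomain.internal is not on the certificate either, so a redirect from the short-name site has to point at one of the listed names, such as mailserver.mydomain.internal or mail.mydomain.com.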