Recommended SAN cert entries now that .local are going away? (Full Version)

All Forums >> [Microsoft Exchange 2010] >> Installation



Message


worldzfree123 -> Recommended SAN cert entries now that .local are going away? (13.Dec.2012 1:42:01 PM)

The CA/Browser Forum has announced that they will stop allowing the generation of certificates with .local in the name will no longer be allowed after 2015. I have googled around and beyond the recommendation that some bloggers have of renaming my Active Directory (a little heavy handed I think) what have you all done?

Internal domain AD domain: .local
External domain: .com

My new SAN cert was going to be:

mail.mydomain.com
autodiscover.mydomain.com

Thoughts on how to accomplish this?

-Thanks
-A




pjhutch -> RE: Recommended SAN cert entries now that .local are going away? (10.Feb.2013 5:32:18 PM)

AD domains can still be different from email domains even with .local names.
IF you need certificates with .local, you could deploy your own Certificate Authority server to supply internal certificates. Then use the public CA for public facing sites.




Page: [1]