SSL Certificates Help

Reconfiguring Microsoft Exchange Server to Use a Fully Qualified Domain Name

The Internet security community is phasing out the use of intranet names and IP addresses as the primary domain name or as Subject Alternative Names (SANs) in SSL certificates. For more information, see Can I request a certificate for an intranet name or IP address?.

If you use an intranet name or IP address for an SSL certificate hosted on a Microsoft® Exchange Server, you can meet Certificate Authorities Browser Forum guidelines by reconfiguring your server to accept a fully qualified domain name (FQDN). For example, you can change the internal name server.local to the FQDN mail.coolexample.com.

To ensure that internal Autodiscover continues to work, you must create an internal DNS zone for your domain name (for example, autodiscover.coolexample.com) and an MX record that points to your server's internal IP address, if you haven't already done so.

The code samples below include the following variables:

  • Replace mail.coolexample.com with your FQDN
  • Replace Your_Server_Name with the actual name of your server

Note: We strongly recommend that only experienced server administrators implement this procedure. These instructions do not apply to Windows Server® 2012 or Microsoft Small Business Financials (SBF) Server.

To Reconfigure Microsoft Exchange Server to Use a Fully Qualified Domain Name

  1. Start the Exchange Management Shell.
  2. To change the Autodiscover URL, type the following command, and then press Enter:
    Set-ClientAccessServer -Identity Your_Server_Name -AutodiscoverServiceInternalUri https://mail.coolexample.com/autodiscover/autodiscover.xml
  3. To change the InternalUrl attribute of the EWS, type the following command, and then press Enter:
    Set-WebServicesVirtualDirectory -Identity "Your_Server_Name\EWS (Default Web Site)" -InternalUrl https://mail.coolexample.com/ews/exchange.asmx
  4. To change the InternalUrl attribute for Web-based Offline Address Book distribution, type the following command, and then press Enter:
    Set-OABVirtualDirectory -Identity "Your_Server_Name\oab (Default Web Site)" -InternalUrl https://mail.coolexample.com/oab
  5. If you use the Unified Message service in Exchange Server 2007: To change the InternalUrl attribute of the UM Web service, type the following command, and then press Enter:
    Set-UMVirtualDirectory -Identity "Your_Server_Name\unifiedmessaging (Default Web Site)" -InternalUrl https://mail.coolexample.com/unifiedmessaging/service.asmx
  6. To recycle the application pools, open IIS Manager.
  7. Expand the local computer, and then expand Application Pools.
  8. Right-click MSExchangeAutodiscoverAppPool, and then click Recycle.
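
A read-back check for the procedure above, added here as an example and not part of the original help article: it lists the internal URLs the steps changed and flags any whose host is not the FQDN or is not named on an unexpired certificate enabled for IIS. It assumes you run it in the Exchange Management Shell on the Exchange server itself; Test-NameCovered is a helper defined only for this example.

```powershell
# Added example: run in the Exchange Management Shell on the Exchange server.
# $Fqdn and $Server are the page's placeholders; replace them with your values.
$Fqdn   = 'mail.coolexample.com'
$Server = 'Your_Server_Name'

# Read back the internal URLs that the Set-* commands above changed.
$urls = @{
    'Autodiscover' = (Get-ClientAccessServer -Identity $Server).AutodiscoverServiceInternalUri
    'EWS'          = (Get-WebServicesVirtualDirectory -Identity "$Server\EWS (Default Web Site)").InternalUrl
    'OAB'          = (Get-OABVirtualDirectory -Identity "$Server\oab (Default Web Site)").InternalUrl
}
# The UM virtual directory cmdlet is only present on Exchange Server 2007.
if (Get-Command Get-UMVirtualDirectory -ErrorAction SilentlyContinue) {
    $urls['UM'] = (Get-UMVirtualDirectory -Identity "$Server\unifiedmessaging (Default Web Site)").InternalUrl
}

# Names on unexpired certificates that are enabled for IIS.
$certNames = @(Get-ExchangeCertificate |
    Where-Object { "$($_.Services)" -match 'IIS' -and $_.NotAfter -gt (Get-Date) } |
    ForEach-Object { $_.CertificateDomains } | ForEach-Object { "$_" })

# True when $HostName matches a certificate name exactly or through a wildcard.
function Test-NameCovered([string]$HostName, [string[]]$Names) {
    foreach ($n in $Names) {
        if (-not $n) { continue }
        if ($n -eq $HostName) { return $true }
        # A wildcard such as *.coolexample.com covers exactly one left-most label.
        if ($n.StartsWith('*.') -and $HostName.Contains('.') -and
            ($HostName.Substring($HostName.IndexOf('.')) -eq $n.Substring(1))) { return $true }
    }
    return $false
}

# Report each URL with a status: OK, wrong host, or host missing from the certificate.
foreach ($e in $urls.GetEnumerator()) {
    $url = "$($e.Value)"
    if (-not $url) { "{0,-12} internal URL is not set" -f $e.Key; continue }
    $h = ([uri]$url).Host
    $status = 'OK'
    if ($h -ne $Fqdn) { $status = "still points at $h, expected $Fqdn" }
    elseif (-not (Test-NameCovered $h $certNames)) { $status = "$h is not on an IIS certificate" }
    "{0,-12} {1}  [{2}]" -f $e.Key, $url, $status
}
```

Any line that does not end in [OK] identifies a URL that clients will still reach under the old name or that will produce a certificate name mismatch warning.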

Note: As a courtesy, we provide information about how to use certain third-party products, but we do not endorse or directly support third-party products and we are not responsible for the functions or reliability of such products.