I work for an agency of the State of Arizona. We use split DNS. We are a .gov on the outside, and a .int on the inside. When I went to purchase a cert from Go Daddy with five subject alternate names:
webmail.azftf.gov
autodiscover.azfftf.gov
exch01
exch01.azftf.int
autodiscover.azftf.int
they said they will sell me a cert with the two .gov names, but said that they would not sell me one with the following three subject alternate names:
exch01
exch01.azftf.int
autodiscover.azftf.int
because they said that azftf.int is a valid top-level domain that we don't own. azftf.int is not registered to anyone, but Go Daddy said they can't sell it to me. They further tell me that the only way I can get around this is to go to ICANN and request it from them.
If I install the cert with only the valid outside .gov names, all of my inside clients get two error messages every time they start Outlook. If I leave it with the original autogenerated cert, everyone coming in from the outside gets an error message that our cert isn't any good.
What now? I can't be the only operation that has this problem. Does this happen if your inside domain is .local?
JD