For external devices, like Outlook (via RPC over HTTP) or Smart Phones, to access your front-end server you will need a public certificate that matches the external DNS address the devices are using. The other alternative is to use an internal certificate and install it on all devices, but this can be a real pain and isn't worth the $400 or so dollars a public certificate costs.

RPC over HTTP & Smart Phone both require that the certificate be valid. This means that it matches the DNS address the client is using to access the server, and the root CA for the certificate can be verified or the CA chain has been installed already on the device.

So the best solution would be to put a public certificate, issued for mail.yourdomain.com, on your server and, as Mark said, tell people to access the server at mail.yourdomain.com. You would use this same address in Outlook for RPC over HTTPs and ActiveSync for smart phones.

Jason Sherry - Pro Exchange
http://www.theproexchange.com

________________________________

From: exchangelist-bounce@xxxxxxxxxxxxx [mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Mark Morgan
Sent: Thursday, April 27, 2006 4:36 PM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: https based oma on .local domains?

You can create a yourdomain.com zone in your DNS, create a mail.yourdomain.com A and MX record, and then issue a cert to the mail.yourdomain.com name instead of the mail.domain.local.

-----Original Message-----
From: exchangelist-bounce@xxxxxxxxxxxxx [mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Ara Avvali
Sent: Thursday, April 27, 2006 2:32 PM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] https based oma on .local domains?

Good afternoon everyone,

Since our internal domain is .local based and the certificate is assigned to mail.domain.local, we get a warning and click "YES" on OWA, which is fine. But this stops rpc/http from working, so I am wondering if it is going to cause a problem for OMA/https.
Can I use https for oma in this scenario, or do I have to go with http?

Appreciated

Exchange 2003 SP2 on 2003 SP1
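The name-match half of the validity requirement described in the first reply, as an added example that is not part of the original thread: it checks which host names a certificate covers, using constructed certificates in the dictionary shape Python's `ssl` module returns from `getpeercert()`. The function names are hypothetical, the CN fallback and wildcard rules are assumptions about a typical client, and the CA chain check is not covered here.

```python
# Added example: sample certificates below are constructed, not from the thread.

def cert_names(cert):
    """DNS names a client compares against: SAN dNSName entries, or the
    subject commonName when the certificate carries no DNS SAN (assumed fallback)."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive match; '*' is accepted only as the whole left-most
    label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) >= 3 and h[0] != "" and p[1:] == h[1:]
    return p == h

def check_client_name(cert, host):
    """Return (ok, names): whether the name the client connects to is covered."""
    names = cert_names(cert)
    return any(name_matches(n, host) for n in names), names

# Constructed: internal certificate issued to the .local name only.
INTERNAL_CERT = {"subject": ((("commonName", "mail.domain.local"),),)}
# Constructed: public certificate issued for the external name.
PUBLIC_CERT = {
    "subject": ((("commonName", "mail.yourdomain.com"),),),
    "subjectAltName": (("DNS", "mail.yourdomain.com"),),
}
# Constructed: wildcard certificate for the external zone.
WILDCARD_CERT = {"subjectAltName": (("DNS", "*.yourdomain.com"),)}

if __name__ == "__main__":
    certs = {"internal": INTERNAL_CERT, "public": PUBLIC_CERT, "wildcard": WILDCARD_CERT}
    for label, cert in certs.items():
        for host in ("mail.yourdomain.com", "mail.domain.local"):
            ok, names = check_client_name(cert, host)
            print(f"{label:8} {host:22} {'match' if ok else 'MISMATCH'} {names}")
```
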