.local is out! (Domains, certificates, SSL, etc)

Posted by on 21. J 2013 in Blog

I have a problem which I’ll discuss in another blog post, but first – here’s a discovery that I’d like to share!

.local domain names and certificates are a big no-no from now on, without an internal PKI-infrastructure!

I’ve stumbled across a very interesting SSL discovery. From 2015, .local domain names are out. You cannot get an SSL certificate with a .local name from a public CA when 2015 hits us. And so far, it seems that some companies are already making the transition and no longer offer it. Source: http://exchangeserverpro.com/ssl-requirements-for-exchange-when-certificate-authorities-wont-issue-certificate/ – Look under “Using a name no longer valid under new rules”
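To see which names on an existing certificate or planned request fall under this rule, the following added example (not from the original post) audits a list of subject alternative names. It goes beyond .local to the other kinds of internal name a public CA will not validate: single-label host names and private IP addresses. The suffix list and the sample names are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: suffixes treated as internal-only. ".local" is the one the post
# discusses; the others are illustrative and should be adjusted per site.
INTERNAL_SUFFIXES = (".local", ".localhost", ".internal", ".lan")


def classify_san(entry):
    """Return (is_internal, reason) for one SAN entry (DNS name or IP)."""
    value = entry.strip().rstrip(".").lower()
    if value.startswith("*."):          # a wildcard inherits its parent name
        value = value[2:]
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        ip = None
    if ip is not None:
        if ip.is_global:
            return (False, "public IP address")
        return (True, "private or reserved IP address")
    if "." not in value:
        return (True, "single-label host name")
    for suffix in INTERNAL_SUFFIXES:
        if value.endswith(suffix):
            return (True, "internal suffix " + suffix)
    return (False, "fully qualified public-style name")


def audit_sans(entries):
    """Return [(entry, reason)] for names a public CA cannot validate."""
    flagged = []
    for entry in entries:
        internal, reason = classify_san(entry)
        if internal:
            flagged.append((entry, reason))
    return flagged


# Constructed sample: SAN list of a typical single-server Exchange certificate.
SAMPLE_SANS = [
    "mail.example.com",
    "autodiscover.example.com",
    "exch01.corp.local",
    "EXCH01",
    "192.168.10.5",
]

if __name__ == "__main__":
    for name, why in audit_sans(SAMPLE_SANS):
        print(f"{name}: {why}")
```

Every name the audit flags has to come off the public certificate or be issued from an internal PKI instead.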

This has made me start planning on building a new domain. I don’t want to just rename the old one.. it’s one server, with 5 users, so, build-from-scratch it is, on the basis of Windows Server 2012 (maybe I should wait for R2? :D) – Perhaps I should even throw in DirectAccess, if it’s capable of running simultaneously with Exchange 2013.

Update (2013-07-21):
Okay, so apparently Exchange 2010 with MBX/CAS/HUB-role is not able to coexist with DirectAccess on the same server – I had browsing issues from the server and if I remember correctly, also the certificate-stuff on IIS wasn’t exactly functioning as expected. It’ll take more research to understand why it didn’t work. But for now, I’m just leaving it.