Solved

Please critique UCC scheme for Exchange 2007 SSL Certificate

Posted on 2007-12-06
4
2,222 Views
Last Modified: 2009-11-12
Hi All,

I intend to purchase a UCC (Multiple Domain) SSL Certificate from GoDaddy for a new Win2003R2x64 / Exchange 2007 SP1 single server installation. They offer a $60/yr 5 domain certificate supposedly designed to be compatible with the SAN requirements. So ...

To genericize the particulars, the public internet name is DomainName.org, the Active Directory name is SubDomainName.DomainName.org and the server name is ServerName. Based on that, would my certificate domains be:

 mail.DomainName.org,
 autodiscover.DomainName.org,
 ServerName,
 ServerName.SubDomainName.DomainName.org

and ... since this is a 5-for deal, and I just happen to have an SSL-VPN box in the organization with the hostname SSL-VPN, how about I make my 5th domain:

SSL-VPN.SubDomainName.DomainName.org

Is this scheme correct?

Thanks!
- David
0
Question by:DavidBloom
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
ID: 20426243
That sounds about right.
Use this page to generate the PowerShell code:

https://www.digicert.com/easy-csr/exchange2007.htm

Simon.
0
 
LVL 1

Author Comment

by:DavidBloom
ID: 20435022
wow wow wow wow wow

Used your link to generate the exchange certificate request;
Submitted to GoDaddy;
Got my certificate within a couple hours.

Went through the steps to enable the certificate and outlook anywhere on the server, and then ...

Unfreaking amazing! Microsoft can be forgiven much (well, maybe not Vista) for the beauty of autodiscovery when set up correctly at the server end. The off-site Outlook 2007 clients are sublimely easy to connect. Aunt Alice stuff.

Moral of the story: don't even think of messing around with self-signed certificates. That $60 is a bargain.

Much obliged Simon.

ps: I used DomainName.org instead of SSL-VPN.SubDomainName.DomainName.org as my 5th domain. Glad I did.

==============================

Not meaning to get greedy here, but the SSL-VPN won't accept the UCC. It's looking to upload a zipped .key and .crt file pair. My UCC came with a .zipped p7b and .crt file. But no .key file. Do I need to (in order of preference) A) do some magic to derive a .key file from the UCC; B) purchase a separate single SSL certificate; or C) ask the question in a different forum?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20435220
Autodiscover does work very well - if done correctly.
You may find that you need to export the certificate out through IIS manager to get it in the right format. The SSL-VPN suppliers may have instructions on how to do that.

Simon.
0
 
LVL 1

Author Comment

by:DavidBloom
ID: 20435344
I exported the certificate through IIS, and managed to generate a .PFX (personal information exchange) file. Not quite a .KEY file, but I'm working on it ...
0
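The .PFX that the thread ends on is a PKCS#12 container holding both the certificate and its private key, so a .key/.crt pair can be split out of it with OpenSSL. The script below is an added example, not part of the original posts: it assumes OpenSSL 1.1.1 or later, and the file names, export password and throwaway self-signed certificate (carrying the thread's placeholder names) are constructed so that it runs offline.

```shell
#!/bin/sh
# Added example: split a PKCS#12 (.pfx) export into the .key/.crt pair an
# appliance asks for. Names, password and certificate are constructed for the demo.
set -eu
WORK="$(mktemp -d)"; trap 'rm -rf "$WORK"' EXIT
PFX_PASS='demo-export-password'   # constructed; use the password set at export time
SANS='DNS:mail.DomainName.org,DNS:autodiscover.DomainName.org,DNS:ServerName,DNS:ServerName.SubDomainName.DomainName.org,DNS:DomainName.org'

# Stand-in for the IIS export: throwaway key + self-signed cert carrying the
# thread's five placeholder names, bundled into a password-protected PFX.
make_demo_pfx() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=mail.DomainName.org" \
    -addext "subjectAltName=$SANS" \
    -keyout "$WORK/orig.key" -out "$WORK/orig.crt" 2>/dev/null
  openssl pkcs12 -export -inkey "$WORK/orig.key" -in "$WORK/orig.crt" \
    -out "$WORK/export.pfx" -passout "pass:$PFX_PASS"
}

# $1 = PFX file, $2 = output basename. Writes $2.key (unencrypted) and $2.crt.
# A PFX written by an older Windows release may need -legacy on OpenSSL 3.x.
split_pfx() {
  umask 077                     # the extracted key must not be world-readable
  openssl pkcs12 -in "$1" -passin "pass:$PFX_PASS" -nocerts -nodes -out "$2.key.tmp"
  openssl pkey -in "$2.key.tmp" -out "$2.key"      # drops the "Bag Attributes" text
  openssl pkcs12 -in "$1" -passin "pass:$PFX_PASS" -clcerts -nokeys -out "$2.crt.tmp"
  openssl x509 -in "$2.crt.tmp" -out "$2.crt"
  rm -f "$2.key.tmp" "$2.crt.tmp"
}

# Succeeds only if the private key and the certificate share one public key.
key_matches_cert() {
  [ "$(openssl pkey -in "$1" -pubout)" = "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# Count the DNS names in the certificate's subjectAltName extension.
san_count() {
  openssl x509 -in "$1" -noout -ext subjectAltName | grep -o 'DNS:[^,]*' | wc -l | tr -d ' '
}

make_demo_pfx
split_pfx "$WORK/export.pfx" "$WORK/sslvpn"
key_matches_cert "$WORK/sslvpn.key" "$WORK/sslvpn.crt" && echo "key matches certificate"
echo "SAN entries: $(san_count "$WORK/sslvpn.crt")"
```

The extracted .key is unencrypted, so it should be removed from the workstation once it is on the appliance. Clients will also only accept the certificate on the appliance if the name they connect to is among the certificate's SAN entries.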
