?
Solved

Please critique UCC scheme for Exchange 2007 SSL Certificate

Posted on 2007-12-06
4
Medium Priority
?
2,230 Views
Last Modified: 2009-11-12
Hi All,

I intend to purchase a UCC (Multiple Domain) SSL Certificate from GoDaddy for a new Win2003R2x64  / Exchange 2007 SP1 single server installation. They offer a $60/yr 5 domain certificate supposedly designed to be compatible with the SAN requirements. So ...

To genericize the particulars, the public internet name is DomainName.org, the Active Directory name is SubDomainName.DomainName.org and the server name is ServerName. Based on that, would my certificate domains be:

 mail.DomainName.org,
 autodiscover.DomainName.org,
 ServerName,
 ServerName.SubDomainName.DomainName.org

and ... since this is a 5- for deal, and I just happen to have an SSL-VPN box in the organization with the hostname SSL-VPN, how about I make my 5th domain:

SSL-VPN.SubDomainName.DomainName.org

Is this scheme correct?

Thanks!
- David
0
Comment
Question by:DavidBloom
  • 2
  • 2
4 Comments
 
LVL 104

Accepted Solution

by:
Sembee earned 2000 total points
ID: 20426243
That sounds about right.
Use this page to generate the PowerShell code:

https://www.digicert.com/easy-csr/exchange2007.htm

Simon.
0
 
LVL 1

Author Comment

by:DavidBloom
ID: 20435022
wow wow wow wow wow

Used your link to generate the exchange certificate request;
Submitted to GoDaddy;
Got my certificate within a couple hours.

Went through the steps to enable the certificate and outlook anywhere on the server, and then ...

Unfreaking amazing! Microsoft can be forgiven much (well, maybe not Vista) for the beauty of autodiscovery when set up correctly at the server end. The off-site Outlook 2007 clients are sublimely easy to connect. Aunt Alice stuff.

Moral of the story: don't even think of messing around with self-signed certificates. That $60 is a bargain.

Much obliged Simon.

ps: I used DomainName.org instead of SSL-VPN.SubDomainName.DomainName.org as my 5th domain. Glad I did.

==============================

Not meaning to get greedy here, but the SSL-VPN won't accept the UCC. It's looking to upload a zipped .key and .crt file pair. My UCC came with a .zipped p7b and .crt file. But no .key file. Do I need to (in order of preference) A) do some magic to derive a .key file from the UCC ; B) purchase a separate single SSL certificate; or C) ask the question in a different forum?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20435220
Autodiscover does work very well - if done correctly.
You may find that you need to export the certificate out through IIS manager to get it in the right format. The SSL-VPN suppliers may have instructions on how to do that.

Simon.
0
 
LVL 1

Author Comment

by:DavidBloom
ID: 20435344
I exported the certificate through IIS, and managed to generate a .PFX (personal information exchange) file. Not quite a .KEY file, but I'm working on it ...
0

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post, I will showcase the steps for how to create groups in Office 365. Office 365 groups allow for ease of flexibility and collaboration between staff members.
There can be many situations demanding the conversion of Outlook OST files to PST format and as such, there is no shortage of automated tools to perform this conversion. However, what makes Stellar OST to PST converter stand above the rest? Let us e…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Suggested Courses

569 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question