Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Please critique UCC scheme for Exchange 2007 SSL Certificate

Posted on 2007-12-06
4
Medium Priority
?
2,227 Views
Last Modified: 2009-11-12
Hi All,

I intend to purchase a UCC (Multiple Domain) SSL Certificate from GoDaddy for a new Win2003R2x64  / Exchange 2007 SP1 single server installation. They offer a $60/yr 5 domain certificate supposedly designed to be compatible with the SAN requirements. So ...

To genericize the particulars, the public internet name is DomainName.org, the Active Directory name is SubDomainName.DomainName.org and the server name is ServerName. Based on that, would my certificate domains be:

 mail.DomainName.org,
 autodiscover.DomainName.org,
 ServerName,
 ServerName.SubDomainName.DomainName.org

and ... since this is a 5- for deal, and I just happen to have an SSL-VPN box in the organization with the hostname SSL-VPN, how about I make my 5th domain:

SSL-VPN.SubDomainName.DomainName.org

Is this scheme correct?

Thanks!
- David
0
Comment
Question by:DavidBloom
  • 2
  • 2
4 Comments
 
LVL 104

Accepted Solution

by:
Sembee earned 2000 total points
ID: 20426243
That sounds about right.
Use this page to generate the PowerShell code:

https://www.digicert.com/easy-csr/exchange2007.htm

Simon.
0
 
LVL 1

Author Comment

by:DavidBloom
ID: 20435022
wow wow wow wow wow

Used your link to generate the exchange certificate request;
Submitted to GoDaddy;
Got my certificate within a couple hours.

Went through the steps to enable the certificate and outlook anywhere on the server, and then ...

Unfreaking amazing! Microsoft can be forgiven much (well, maybe not Vista) for the beauty of autodiscovery when set up correctly at the server end. The off-site Outlook 2007 clients are sublimely easy to connect. Aunt Alice stuff.

Moral of the story: don't even think of messing around with self-signed certificates. That $60 is a bargain.

Much obliged Simon.

ps: I used DomainName.org instead of SSL-VPN.SubDomainName.DomainName.org as my 5th domain. Glad I did.

==============================

Not meaning to get greedy here, but the SSL-VPN won't accept the UCC. It's looking to upload a zipped .key and .crt file pair. My UCC came with a .zipped p7b and .crt file. But no .key file. Do I need to (in order of preference) A) do some magic to derive a .key file from the UCC ; B) purchase a separate single SSL certificate; or C) ask the question in a different forum?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20435220
Autodiscover does work very well - if done correctly.
You may find that you need to export the certificate out through IIS manager to get it in the right format. The SSL-VPN suppliers may have instructions on how to do that.

Simon.
0
 
LVL 1

Author Comment

by:DavidBloom
ID: 20435344
I exported the certificate through IIS, and managed to generate a .PFX (personal information exchange) file. Not quite a .KEY file, but I'm working on it ...
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The main intent of this article is to make you aware of ‘Exchange fail to mount’ error, its effects, causes, and solution.
Here in this article, you will get a step by step guidance on how to restore an Exchange database to a recovery database. Get a brief on Recovery Database and how it can be used to restore Exchange database in this section!
how to add IIS SMTP to handle application/Scanner relays into office 365.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Suggested Courses

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question