Solved

Please critique UCC scheme for Exchange 2007 SSL Certificate

Posted on 2007-12-06
Last Modified: 2009-11-12
Hi All,

I intend to purchase a UCC (Multiple Domain) SSL Certificate from GoDaddy for a new Win2003R2x64 / Exchange 2007 SP1 single server installation. They offer a $60/yr 5 domain certificate supposedly designed to be compatible with the SAN requirements. So ...

To genericize the particulars, the public internet name is DomainName.org, the Active Directory name is SubDomainName.DomainName.org and the server name is ServerName. Based on that, would my certificate domains be:

 mail.DomainName.org,
 autodiscover.DomainName.org,
 ServerName,
 ServerName.SubDomainName.DomainName.org

and ... since this is a 5- for deal, and I just happen to have an SSL-VPN box in the organization with the hostname SSL-VPN, how about I make my 5th domain:

SSL-VPN.SubDomainName.DomainName.org

Is this scheme correct?

Thanks!
- David
Question by:DavidBloom
4 Comments
 
LVL 104

Accepted Solution

by:
Sembee earned 2000 total points
ID: 20426243
That sounds about right.
Use this page to generate the PowerShell code:

https://www.digicert.com/easy-csr/exchange2007.htm

Simon.
0
 
LVL 1

Author Comment

by:DavidBloom
ID: 20435022
wow wow wow wow wow

Used your link to generate the exchange certificate request;
Submitted to GoDaddy;
Got my certificate within a couple hours.

Went through the steps to enable the certificate and outlook anywhere on the server, and then ...

Unfreaking amazing! Microsoft can be forgiven much (well, maybe not Vista) for the beauty of autodiscovery when set up correctly at the server end. The off-site Outlook 2007 clients are sublimely easy to connect. Aunt Alice stuff.

Moral of the story: don't even think of messing around with self-signed certificates. That $60 is a bargain.

Much obliged Simon.

ps: I used DomainName.org instead of SSL-VPN.SubDomainName.DomainName.org as my 5th domain. Glad I did.

==============================

Not meaning to get greedy here, but the SSL-VPN won't accept the UCC. It's looking to upload a zipped .key and .crt file pair. My UCC came with a zipped .p7b and .crt file. But no .key file. Do I need to (in order of preference) A) do some magic to derive a .key file from the UCC; B) purchase a separate single SSL certificate; or C) ask the question in a different forum?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20435220
Autodiscover does work very well - if done correctly.
You may find that you need to export the certificate out through IIS manager to get it in the right format. The SSL-VPN suppliers may have instructions on how to do that.

Simon.
0
 
LVL 1

Author Comment

by:DavidBloom
ID: 20435344
I exported the certificate through IIS, and managed to generate a .PFX (personal information exchange) file. Not quite a .KEY file, but I'm working on it ...
0
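
For the .PFX-to-.key step discussed in the last comments, an added example (not part of the thread, and not the CA's or the SSL-VPN vendor's procedure) using the OpenSSL command line: it splits a PFX into a PEM .key/.crt pair, confirms the two belong together, and checks which hostnames the certificate covers. The PFX is a constructed self-signed stand-in using the thread's placeholder names; the file names, the `PFX_PASS` variable and the function names are assumptions.

```bash
#!/bin/sh
set -eu

# Constructed stand-in for the IIS export: a throwaway self-signed certificate
# carrying the thread's placeholder names as SANs, packed into a PFX.
make_sample_pfx() {  # $1 = output .pfx; password is read from $PFX_PASS
  d=$(mktemp -d)
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=mail.DomainName.org" \
    -addext "subjectAltName=DNS:mail.DomainName.org,DNS:autodiscover.DomainName.org,DNS:ServerName,DNS:ServerName.SubDomainName.DomainName.org,DNS:DomainName.org" \
    -keyout "$d/k.pem" -out "$d/c.pem" 2>/dev/null
  openssl pkcs12 -export -inkey "$d/k.pem" -in "$d/c.pem" -out "$1" -passout env:PFX_PASS
  rm -rf "$d"
}

# Split the PFX into an unencrypted PEM private key and the leaf certificate.
# The password comes from the environment so it never appears in the process list.
split_pfx() {  # $1 = input .pfx, $2 = output basename
  (
    umask 077  # owner-only permissions on the extracted files
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -nocerts -nodes | openssl pkey -out "$2.key"
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -clcerts -nokeys | openssl x509 -out "$2.crt"
  )
}

# Succeeds only if the key and the certificate hold the same public key.
key_matches_cert() {  # $1 = .key, $2 = .crt
  k=$(openssl pkey -in "$1" -pubout | openssl sha256)
  c=$(openssl x509 -in "$2" -noout -pubkey | openssl sha256)
  [ "$k" = "$c" ]
}

# Succeeds only if the hostname is an exact SAN entry (no wildcard handling).
cert_covers() {  # $1 = .crt, $2 = hostname
  openssl x509 -in "$1" -noout -text | tr ',' '\n' | sed -n 's/^ *DNS://p' | grep -qixF "$2"
}

demo() {
  export PFX_PASS='constructed-demo-password'
  w=$(mktemp -d)
  make_sample_pfx "$w/export.pfx"
  split_pfx "$w/export.pfx" "$w/vpn"
  key_matches_cert "$w/vpn.key" "$w/vpn.crt" && echo "key and certificate match"
  for h in mail.DomainName.org SSL-VPN.SubDomainName.DomainName.org; do
    if cert_covers "$w/vpn.crt" "$h"; then echo "$h: covered"; else echo "$h: NOT covered"; fi
  done
  rm -rf "$w"
}
demo
```

The extracted `.key` is unencrypted, so it is written with owner-only permissions and should be deleted once it has been uploaded. PFX files exported by older Windows servers may use legacy encryption that OpenSSL 3.x reads only with `-legacy` added to the `pkcs12` commands.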

Question has a verified solution.