DavidBloom
asked on
Please critique UCC scheme for Exchange 2007 SSL Certificate
Hi All,
I intend to purchase a UCC (Multiple Domain) SSL Certificate from GoDaddy for a new Win2003R2x64 / Exchange 2007 SP1 single server installation. They offer a $60/yr 5 domain certificate supposedly designed to be compatible with the SAN requirements. So ...
To genericize the particulars, the public internet name is DomainName.org, the Active Directory name is SubDomainName.DomainName.o
mail.DomainName.org,
autodiscover.DomainName.or
ServerName,
ServerName.SubDomainName.D
and ... since this is a 5- for deal, and I just happen to have an SSL-VPN box in the organization with the hostname SSL-VPN, how about I make my 5th domain:
SSL-VPN.SubDomainName.Doma
Is this scheme correct?
Thanks!
- David
I intend to purchase a UCC (Multiple Domain) SSL Certificate from GoDaddy for a new Win2003R2x64 / Exchange 2007 SP1 single server installation. They offer a $60/yr 5 domain certificate supposedly designed to be compatible with the SAN requirements. So ...
To genericize the particulars, the public internet name is DomainName.org, the Active Directory name is SubDomainName.DomainName.o
mail.DomainName.org,
autodiscover.DomainName.or
ServerName,
ServerName.SubDomainName.D
and ... since this is a 5- for deal, and I just happen to have an SSL-VPN box in the organization with the hostname SSL-VPN, how about I make my 5th domain:
SSL-VPN.SubDomainName.Doma
Is this scheme correct?
Thanks!
- David
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Autodiscover does work very well - if done correctly.
You may find that you need to export the certificate out through IIS manager to get it in the right format. The SSL-VPN suppliers may have instructions on how to do that.
Simon.
You may find that you need to export the certificate out through IIS manager to get it in the right format. The SSL-VPN suppliers may have instructions on how to do that.
Simon.
ASKER
I exported the certificate through IIS, and managed to generate a .PFX (personal information exchange) file. Not quite a .KEY file, but I'm working on it ...
ASKER
Used your link to generate the exchange certificate request;
Submitted to GoDaddy;
Got my certificate within a couple hours.
Went through the steps to enable the certificate and outlook anywhere on the server, and then ...
Unfreaking amazing! Microsoft can be forgiven much (well, maybe not Vista) for the beauty of autodiscovery when set up correctly at the server end. The off-site Outlook 2007 clients are sublimely easy to connect. Aunt Alice stuff.
Moral of the story: don't even think of messing around with self-signed certificates. That $60 is a bargain.
Much obliged Simon.
ps: I used DomainName.org instead of SSL-VPN.SubDomainName.Doma
==========================
Not meaning to get greedy here, but the SSL-VPN won't accept the UCC. It's looking to upload a zipped .key and .crt file pair. My UCC came with a .zipped p7b and .crt file. But no .key file. Do I need to (in order of preference) A) do some magic to derive a .key file from the UCC ; B) purchase a separate single SSL certificate; or C) ask the question in a different forum?