
Please critique UCC scheme for Exchange 2007 SSL Certificate

Posted on 2007-12-06
Last Modified: 2009-11-12
Hi All,

I intend to purchase a UCC (Multiple Domain) SSL Certificate from GoDaddy for a new Win2003R2x64 / Exchange 2007 SP1 single server installation. They offer a $60/yr 5 domain certificate supposedly designed to be compatible with the SAN requirements. So ...

To genericize the particulars, the public internet name is DomainName.org, the Active Directory name is SubDomainName.DomainName.org and the server name is ServerName. Based on that, would my certificate domains be:

 mail.DomainName.org,
 autodiscover.DomainName.org,
 ServerName,
 ServerName.SubDomainName.DomainName.org

and ... since this is a 5-for deal, and I just happen to have an SSL-VPN box in the organization with the hostname SSL-VPN, how about I make my 5th domain:

SSL-VPN.SubDomainName.DomainName.org

Is this scheme correct?

Thanks!
- David
0
Question by:DavidBloom

Accepted Solution

by:
Sembee earned 2000 total points
ID: 20426243
That sounds about right.
Use this page to generate the PowerShell code:

https://www.digicert.com/easy-csr/exchange2007.htm

Simon.
0
 

Author Comment

by:DavidBloom
ID: 20435022
wow wow wow wow wow

Used your link to generate the exchange certificate request;
Submitted to GoDaddy;
Got my certificate within a couple hours.

Went through the steps to enable the certificate and Outlook Anywhere on the server, and then ...

Unfreaking amazing! Microsoft can be forgiven much (well, maybe not Vista) for the beauty of autodiscovery when set up correctly at the server end. The off-site Outlook 2007 clients are sublimely easy to connect. Aunt Alice stuff.

Moral of the story: don't even think of messing around with self-signed certificates. That $60 is a bargain.

Much obliged Simon.

PS: I used DomainName.org instead of SSL-VPN.SubDomainName.DomainName.org as my 5th domain. Glad I did.

==============================

Not meaning to get greedy here, but the SSL-VPN won't accept the UCC. It's looking to upload a zipped .key and .crt file pair. My UCC came with a zipped .p7b and .crt file. But no .key file. Do I need to (in order of preference) A) do some magic to derive a .key file from the UCC; B) purchase a separate single SSL certificate; or C) ask the question in a different forum?
0
 

Expert Comment

by:Sembee
ID: 20435220
Autodiscover does work very well - if done correctly.
You may find that you need to export the certificate out through IIS manager to get it in the right format. The SSL-VPN suppliers may have instructions on how to do that.

Simon.
0
 

Author Comment

by:DavidBloom
ID: 20435344
I exported the certificate through IIS, and managed to generate a .PFX (personal information exchange) file. Not quite a .KEY file, but I'm working on it ...
0
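
The thread stops at a .PFX exported from IIS and an appliance that wants a .key/.crt pair. The script below is an added example, not part of the thread and not the SSL-VPN vendor's procedure: it splits a PFX with OpenSSL, confirms the key and certificate belong together, and checks which host names the certificate covers. The self-signed PFX, the file names and the password `demo` are constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). File names and password are constructed.
set -eu

# Split a PFX into the PEM key + certificate pair that many appliances ask for.
split_pfx() {  # usage: split_pfx FILE.pfx PASSWORD OUTDIR
  ( umask 077  # the private key must not be group/world readable
    openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes |
      openssl pkey -out "$3/server.key" )
  openssl pkcs12 -in "$1" -passin "pass:$2" -clcerts -nokeys |
    openssl x509 -out "$3/server.crt"
}

# Succeeds only if the key and the certificate carry the same public key.
key_matches_cert() {  # usage: key_matches_cert KEY CRT
  [ "$(openssl pkey -in "$1" -pubout | openssl sha256)" = \
    "$(openssl x509 -in "$2" -noout -pubkey | openssl sha256)" ]
}

# Succeeds only if HOST is one of the names the certificate is valid for.
cert_covers_name() {  # usage: cert_covers_name CRT HOST
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Constructed stand-in for the IIS export: self-signed, carrying the five
# names the thread ends up with (the real UCC is CA-issued).
make_demo_pfx() {  # usage: make_demo_pfx DIR
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=mail.DomainName.org" \
    -addext "subjectAltName=DNS:mail.DomainName.org,DNS:autodiscover.DomainName.org,DNS:ServerName,DNS:ServerName.SubDomainName.DomainName.org,DNS:DomainName.org" \
    -keyout "$1/orig.key" -out "$1/orig.crt" 2>/dev/null
  openssl pkcs12 -export -inkey "$1/orig.key" -in "$1/orig.crt" \
    -passout pass:demo -out "$1/export.pfx"
}

work=$(mktemp -d)
make_demo_pfx "$work"
split_pfx "$work/export.pfx" demo "$work"
key_matches_cert "$work/server.key" "$work/server.crt" && echo "key matches certificate"
for host in mail.DomainName.org SSL-VPN.SubDomainName.DomainName.org; do
  if cert_covers_name "$work/server.crt" "$host"; then echo "covered:     $host"
  else echo "NOT covered: $host"; fi
done
rm -rf "$work"
```

On OpenSSL 3, a PFX written by an older Windows release may only open when `-legacy` is added to the `pkcs12` commands. The extracted `server.key` is the same private key the Exchange server uses, so store and transfer it with the same care.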
