Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How to create a (self) SAN certificate for multiple domains?

Posted on 2008-06-23
10
Medium Priority
?
2,740 Views
Last Modified: 2013-12-05
Hi

is it possible to create a SAN certificate for exchange 2007, for 2 domains? instead of purchsing a certificate. I would like to know how, and put this certificate into IIS for users to authenticate to for OWA and active sync....

i need a SAN certificate because i have an internal and external URL for OWA access, one ends in romgroup.com and the other romgroup.co.uk
0
Comment
Question by:Mandev23
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 2
10 Comments
 
LVL 5

Accepted Solution

by:
HeinoSkov earned 2000 total points
ID: 21849413
Certificate Use in Exchange Server 2007
http://technet.microsoft.com/en-us/library/bb851505(EXCHG.80).aspx#CreatingImportingandEnablingCertificates

How to Configure SSL Certificates to Use Multiple Client Access Server Host Names
http://technet.microsoft.com/en-us/library/aa995942.aspx


If you also want to use the autodiscover service - this whitepaper is pretty interesting.
White Paper: Exchange 2007 Autodiscover Service
http://technet.microsoft.com/en-us/library/bb332063.aspx#Scenario4HowTo
0
 

Author Comment

by:Mandev23
ID: 21849952
Hi the second website seems interesting. What command would i use if i wanted a SAN certificate for the following domains:

apple.romgroup.com (server name)
apple.romgroup.co.uk
autodiscover.rom.co.uk
autodiscover.rom-tech.co.uk
autodiscover.rfa-tech.co.uk
0
 
LVL 5

Assisted Solution

by:HeinoSkov
HeinoSkov earned 2000 total points
ID: 21852739
Like this:

You should replace values in -FriendlyName, -subjectName to reflect your company info.

New-ExchangeCertificate -DomainName apple.romgroup.co.uk, apple.romgroup.com , autodiscover.rom.co.uk autodiscover.rom-tech.co.uk autodiscover.rfa-tech.co.uk -FriendlyName RomGroup -GenerateRequest:$True -Keysize 1024 -path c:\romgroup.req -privatekeyExportable:$true -subjectName "c=us, o=RomGroup, CN=apple.romgroup.co.uk"

Otherwise take a look at this article:
http://msexchangeteam.com/archive/2007/02/19/435472.aspx
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 

Author Comment

by:Mandev23
ID: 21853068
Hi heinoskov

And will this certificate be ok to sync with Exchange - via windows mobile 5/6?

https://apple,riomgroup.co.uk/owa is the external OWA address
https://apple.romgroup.com/owa is the internal address

the company is ROM
0
 

Author Comment

by:Mandev23
ID: 21853109
heinoskov

i ran the above command, changed CN=apple.romgroup.com which is the server name, but it cannot find parameter for o=rom ....?below is the syntax from the command shell...

[PS] C:\Documents and Settings\bossman\Desktop>New-ExchangeCertificate -DomainName apple.romgroup.com, apple.r
omgroup.co.uk, autodiscover.rom.co.uk, autodiscover.rom-tech.co.uk, autodiscover.rfa-tech.co.uk, -FriendlyName
 RomGroup -GenerateRequest:$True -Keysize 1024 -path c:\romgroup.req -privatekeyExportable:$true -subjectName
"c=uk, o=Rom, CN=apple.romgroup.com"

New-ExchangeCertificate : A parameter cannot be found that matches parameter name 'RomGroup'.
At line:1 char:24
+ New-ExchangeCertificate  <<<< -DomainName apple.romgroup.com, apple.romgroup.co.uk, autodiscover.rom.co.uk,
 autodiscover.rom-tech.co.uk, autodiscover.rfa-tech.co.uk, -FriendlyName RomGroup -GenerateRequest:$True -Key
size 1024 -path c:\romgroup.req -privatekeyExportable:$true -subjectName "c=uk, o=Rom, CN=apple.romgroup.com"
0
 

Author Comment

by:Mandev23
ID: 21853115
i've also tried o=romgroup ...? but still get the parameter error
0
 

Author Comment

by:Mandev23
ID: 21894130
Hi, is there any resolution on the last two posts? it doesnt like the parameter 'romgroup' ...?

romgroup is the name of our domain
0
 

Author Comment

by:Mandev23
ID: 21906967
Hi, any response on this? - i keep getting a parameter error for the company name... where does it pick up this information? maybe it is referring to something?
0
 

Author Comment

by:Mandev23
ID: 21916312
i have managed to create the cert using the above syntax (see attached), but it did not create a file in the C: drive ..? is this normal? - if so how do i import this cert and test it so it authenticates to romgroup.com and romgroup.co.uk..??

thanks
Doc1.doc
0
 

Author Comment

by:Mandev23
ID: 21934472
hi

i used the below syntax to create a SAN cert with multiple names, the output being c:\romgroup.req which i believe is not a viewable file, what is the next step in using this cert?

i'm hoping to use it so OWA users both internally/externally can authenticate to the FQDN of the server; apple.romgroup.com and the external address of apple.romgroup.co.uk

New-ExchangeCertificate -DomainName apple.romgroup.com, apple.romgroup.co.uk, autodiscover.rom.co.uk, autodiscover.rom-tech.co.uk, autodiscover.rfa-tech.co.uk, -FriendlyName
 RomGroup -GenerateRequest:$True -Keysize 1024 -path c:\romgroup.req -privatekeyExportable:$true -subjectName "c=uk, o=Rom, CN=apple.romgroup.com"

or if someone can show me how to setup exchange 2007 to use one URL for OWA which is the server name; for both internal and external access, please? -  this would be better...
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
By default Outlook 2016 displays only one time zone in the Calendar. The following article explains how to display two time zones in one calendar view.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
how to add IIS SMTP to handle application/Scanner relays into office 365.

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question