Mandev23
asked on
How to create a (self) SAN certificate for multiple domains?
Hi
is it possible to create a SAN certificate for exchange 2007, for 2 domains? instead of purchsing a certificate. I would like to know how, and put this certificate into IIS for users to authenticate to for OWA and active sync....
i need a SAN certificate because i have an internal and external URL for OWA access, one ends in romgroup.com and the other romgroup.co.uk
is it possible to create a SAN certificate for exchange 2007, for 2 domains? instead of purchsing a certificate. I would like to know how, and put this certificate into IIS for users to authenticate to for OWA and active sync....
i need a SAN certificate because i have an internal and external URL for OWA access, one ends in romgroup.com and the other romgroup.co.uk
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi heinoskov
And will this certificate be ok to sync with Exchange - via windows mobile 5/6?
https://apple,riomgroup.co.uk/owa is the external OWA address
https://apple.romgroup.com/owa is the internal address
the company is ROM
And will this certificate be ok to sync with Exchange - via windows mobile 5/6?
https://apple,riomgroup.co.uk/owa is the external OWA address
https://apple.romgroup.com/owa is the internal address
the company is ROM
ASKER
heinoskov
i ran the above command, changed CN=apple.romgroup.com which is the server name, but it cannot find parameter for o=rom ....?below is the syntax from the command shell...
[PS] C:\Documents and Settings\bossman\Desktop>N ew-Exchang eCertifica te -DomainName apple.romgroup.com, apple.r
omgroup.co.uk, autodiscover.rom.co.uk, autodiscover.rom-tech.co.u k, autodiscover.rfa-tech.co.u k, -FriendlyName
RomGroup -GenerateRequest:$True -Keysize 1024 -path c:\romgroup.req -privatekeyExportable:$tru e -subjectName
"c=uk, o=Rom, CN=apple.romgroup.com"
New-ExchangeCertificate : A parameter cannot be found that matches parameter name 'RomGroup'.
At line:1 char:24
+ New-ExchangeCertificate <<<< -DomainName apple.romgroup.com, apple.romgroup.co.uk, autodiscover.rom.co.uk,
autodiscover.rom-tech.co.u k, autodiscover.rfa-tech.co.u k, -FriendlyName RomGroup -GenerateRequest:$True -Key
size 1024 -path c:\romgroup.req -privatekeyExportable:$tru e -subjectName "c=uk, o=Rom, CN=apple.romgroup.com"
i ran the above command, changed CN=apple.romgroup.com which is the server name, but it cannot find parameter for o=rom ....?below is the syntax from the command shell...
[PS] C:\Documents and Settings\bossman\Desktop>N
omgroup.co.uk, autodiscover.rom.co.uk, autodiscover.rom-tech.co.u
RomGroup -GenerateRequest:$True -Keysize 1024 -path c:\romgroup.req -privatekeyExportable:$tru
"c=uk, o=Rom, CN=apple.romgroup.com"
New-ExchangeCertificate : A parameter cannot be found that matches parameter name 'RomGroup'.
At line:1 char:24
+ New-ExchangeCertificate <<<< -DomainName apple.romgroup.com, apple.romgroup.co.uk, autodiscover.rom.co.uk,
autodiscover.rom-tech.co.u
size 1024 -path c:\romgroup.req -privatekeyExportable:$tru
ASKER
i've also tried o=romgroup ...? but still get the parameter error
ASKER
Hi, is there any resolution on the last two posts? it doesnt like the parameter 'romgroup' ...?
romgroup is the name of our domain
romgroup is the name of our domain
ASKER
Hi, any response on this? - i keep getting a parameter error for the company name... where does it pick up this information? maybe it is referring to something?
ASKER
i have managed to create the cert using the above syntax (see attached), but it did not create a file in the C: drive ..? is this normal? - if so how do i import this cert and test it so it authenticates to romgroup.com and romgroup.co.uk..??
thanks
Doc1.doc
thanks
Doc1.doc
ASKER
hi
i used the below syntax to create a SAN cert with multiple names, the output being c:\romgroup.req which i believe is not a viewable file, what is the next step in using this cert?
i'm hoping to use it so OWA users both internally/externally can authenticate to the FQDN of the server; apple.romgroup.com and the external address of apple.romgroup.co.uk
New-ExchangeCertificate -DomainName apple.romgroup.com, apple.romgroup.co.uk, autodiscover.rom.co.uk, autodiscover.rom-tech.co.u k, autodiscover.rfa-tech.co.u k, -FriendlyName
RomGroup -GenerateRequest:$True -Keysize 1024 -path c:\romgroup.req -privatekeyExportable:$tru e -subjectName "c=uk, o=Rom, CN=apple.romgroup.com"
or if someone can show me how to setup exchange 2007 to use one URL for OWA which is the server name; for both internal and external access, please? - this would be better...
i used the below syntax to create a SAN cert with multiple names, the output being c:\romgroup.req which i believe is not a viewable file, what is the next step in using this cert?
i'm hoping to use it so OWA users both internally/externally can authenticate to the FQDN of the server; apple.romgroup.com and the external address of apple.romgroup.co.uk
New-ExchangeCertificate -DomainName apple.romgroup.com, apple.romgroup.co.uk, autodiscover.rom.co.uk, autodiscover.rom-tech.co.u
RomGroup -GenerateRequest:$True -Keysize 1024 -path c:\romgroup.req -privatekeyExportable:$tru
or if someone can show me how to setup exchange 2007 to use one URL for OWA which is the server name; for both internal and external access, please? - this would be better...
ASKER
apple.romgroup.com (server name)
apple.romgroup.co.uk
autodiscover.rom.co.uk
autodiscover.rom-tech.co.u
autodiscover.rfa-tech.co.u