Solved

How do I setup SBS 2008, Exchange 2007 multiple domain SSL w/Go Daddy?

Posted on 2009-03-30
5
2,199 Views
Last Modified: 2012-05-06
Just setup SBS 2008 server for a client. I purchased a multiple domain SSL from GoDaddy. I know we need to point exchange.clientdomain.com, remote.clientdomain.com, autodiscover.clientdomain.com, and mail.clientdomain.com. I see the SBS 2008 wizard. From there I can Add a Trusted Certificate, but that is only for 1 domain. Can someone point me in the right direction?  
0
Comment
Question by:LeviDaily
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 1

Accepted Solution

by:
robsdesk earned 250 total points
ID: 24023059
To do this with multiple certificates you need multiple IP's & multiple sites setup to do this - each IP can only bind one certificate, you need to either get a wildcard certificate or add additional IP's to your server & setup additional IIS virtual dirs, have a look at: http://technet.microsoft.com/en-us/library/bb124811.aspx
0
 
LVL 2

Author Comment

by:LeviDaily
ID: 24023087
You sure? I thought certificates "bind" to domain name, not ip's.

We have successfully set this up before in Exchange 2007 Standard, not SBS, but it was all Powershell based. Does anyone know if the SBS 2008 wizard works, or if we have to use Powershell?
0
 
LVL 65

Assisted Solution

by:Mestha
Mestha earned 250 total points
ID: 24035423
The SBS wizard does everything that you need for you. Just follow the prompts and setup the DNS as it asks.
Otherwise you can do it the manual way if you wish, that will also work. I have done both.

Did you generate the request using the wizard or Powershell? You need to complete the request using whichever method you used to generate the request.  

-M
0
 

Expert Comment

by:techwerks
ID: 25445837
1.From the Exchange Management Shell command line, type the following:

New-ExchangeCertificate -GenerateRequest -KeySize 2048 -Path c:\DigiCertCSR.txt -SubjectName "c=US, l=YourLocalityOrCity, s=YourStateOrProvince, o=YourCompanyInc, cn=YourFirstDomain.com" -DomainName YourSecondDomain.com, YourThirdDomain.com -PrivateKeyExportable:$true

Although this command is too long to fit on one line here in your browser, you need to enter it into the management shell as one line. Of course, you need to replace the details listed in this sample command with the details of your own organization including your two-letter country code (c=), your city or locality (l=), your state or province (s=), and your organization legal name (o=).

Notice that the first domain name is listed inside the "-SubjectName" after "cn=" and additional domain names are later added after the -DomainName parameter with commas between the additional domain names. You can add as many additional domain names as necessary.

2.You will now find your new CSR file named DigiCertCSR.txt in the root of your C: drive. Open this file with a text editor such as Notepad and paste the entire contents of the file, including the BEGIN and END tags to the GoDaddy.com order form.

Import them with:

 Import-ExchangeCertificate -Path c:\certificates\filename.cer -friendlyname "Contoso CAS01"

 Then Apply them with:

 Enable-ExchangeCertificate identity <thumbprint> -services SMTP, IIS, POP3, IMAP

 The thumbprint will be given after you import the cert. Make sure you create the cert with the internal and external names (including just the internal server name with no domain name), as well as autodiscover.domain.com

0
 

Expert Comment

by:vlizzi
ID: 27470939
If you are talking about multiple sub domains, then you just need a wildcard certificate.
0

Featured Post

Office 365 Advanced Training for Admins

Special Offer:  Buy 1 course, get 2nd free!  Buy the 'Managing Office 365 Identities & Requirements' course w/ Accelerated TestPrep, and automatically receive the 'Enabling Office 365 Services' course FREE!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
active directory, exhange 12 61
ssl mixed content reported 1 20
Exchange 2013 Message Tracking 3 33
Export email data from Google to PST files 8 69
Find out what you should include to make the best professional email signature for your organization.
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question