Solved

Exchange Server with 2 Certificates for Webmail??

Posted on 2009-04-15
Last Modified: 2012-05-06
Ok...about a year ago I got a certificate for https://webmail.domain1.com and we have been getting along fine.  Now we have to change our domain name to domain2.com.  The DNS zone file has already been created for domain2.com...including webmail.domain2.com.  I know what changes I need to make for all of our internal clients but what about webmail?  Is it possible to have 2 certs on one server?  I really need both to stay active at least for a while...we have users with iPhones..etc.  How do I set up the server where webmail can be accessed for both domain1.com and domain2.com? I have some users I can't get to "out in the field".  I should mention the AD domain is different from both domain1.com and domain2.com so logging in will not be a problem.  Please help!  Is it possible to modify the existing certificate and change domain1.com to domain2.com?  What are my options here and links to step by step would be useful. Thanks in advance...
Question by:mcwllc
5 Comments
 
LVL 6

Expert Comment

by:bradl3y
ID: 24151672
I would replace the certificate for domain1 with the new certificate for domain2, then configure the DNS zone for domain1 to redirect to domain2.

If security is not a huge concern, you could of course disable the requirement of SSL during the transition.
 

Author Comment

by:mcwllc
ID: 24152248
Technically they both point to the mail server so I am guessing that part is already done...wondering about how I would handle redirection on the server.  As of now the zone file has propagated across the net...but if you go to webmail.domain2.com you get the login prompt but once you try to authenticate it goes to page not found....understandable since there is nothing in IIS for domain2.com....
 
LVL 65

Accepted Solution

by:
Mestha earned 2000 total points
ID: 24157179
Unless you are using host headers, then you don't configure anything in IIS for each domain. You cannot use host headers for SSL, so going to https://host.example.com and https://host.example.net/ would go to the same server if they are pointing at the same address. However you can only have one certificate in place for each server so users browsing to the host host would get a warning.

Two ways I can think of to deal with this.

1. If you have a second external IP address, it is to put a second IP address on to the Exchange server, create a second web site in IIS for the original domain and put the SSL certificate on to it. The only thing that web server does is redirect the traffic to the correct address, so would require a file in the root and a file in a directory called Exchange. You would then update the DNS for the original host to point to the new IP address, set the forward on the firewall etc.

2. Purchase a SAN/UC certificate. These are the certificates used for Exchange 2007 and support multiple names. That would allow you to set the Common Name as your preferred domain on the new domain and then an additional name would be your old name. These are more expensive than standard certificates and if you have an existing certificate with time to run, the first option would allow you to make best use of that.

Simon.
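
What option 2 changes from the client's side, shown as an added example that is not part of the original answer: a host name check following RFC 2818 rules, run against constructed certificate dicts in the shape returned by Python's `ssl.SSLSocket.getpeercert()`. The host names are the thread's placeholders, and the helper functions are hypothetical names chosen for this illustration.

```python
# Added example: certificate dicts and helper names are constructed for illustration.

def dns_names(cert):
    """Names a client checks: SAN DNS entries if any, else the subject CN (RFC 2818)."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans  # the CN is not consulted once a DNS SAN entry exists
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive match; '*' is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def uncovered(cert, hosts):
    """Return the hosts for which a client would raise a name-mismatch warning."""
    names = dns_names(cert)
    return [h for h in hosts if not any(name_matches(n, h) for n in names)]

HOSTS = ["webmail.domain1.com", "webmail.domain2.com"]

# The existing single-name certificate from the question.
SINGLE_NAME = {"subject": ((("commonName", "webmail.domain1.com"),),)}

# SAN/UC certificate: new name as CN, both names listed as DNS SAN entries.
SAN_UC = {
    "subject": ((("commonName", "webmail.domain2.com"),),),
    "subjectAltName": (("DNS", "webmail.domain2.com"), ("DNS", "webmail.domain1.com")),
}

# Failure mode: the SAN list omits the CN, so the CN no longer counts.
SAN_MISSING_CN = {
    "subject": ((("commonName", "webmail.domain2.com"),),),
    "subjectAltName": (("DNS", "webmail.domain1.com"),),
}

if __name__ == "__main__":
    for label, cert in [("single-name", SINGLE_NAME), ("SAN/UC", SAN_UC),
                        ("SAN without CN", SAN_MISSING_CN)]:
        print(label, "-> warning for:", uncovered(cert, HOSTS) or "none")
```

When reviewing a SAN/UC certificate request, confirm that the Common Name is repeated in the SAN list, since clients that follow these rules ignore the CN once any DNS SAN entry is present.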
 

Author Comment

by:mcwllc
ID: 24157485
Will SAN\UC certificates work with Exchange 2003? This is what I'm running on the server.
 
LVL 65

Expert Comment

by:Mestha
ID: 24158218
SAN/UC certificates are an IIS thing, not an Exchange thing. They were introduced for Exchange 2007, but there is nothing to stop them being used with Exchange 2003 or even IIS servers with no Exchange involved.

Simon.
