Solved

What type of SSL Certificate do I need for SBS server 2008

Posted on 2009-05-05
12
1,239 Views
Last Modified: 2012-08-13
I just wanted to check on the type of SSL Certificate I would need to get when running SBS 2008 to provide full functionality.  Is it possible to get away with using a single domain name certificate which simply verifies remote.domain.com or do I need a unified certifiate that verifies multiple domain names - if there is something I am missing here please let me know.  

The reason I ask is that with Exchange 2007 they have Unified certificates that allow you to be able to include multiple domain names.  Not such a problem until you start using things like Outlook Anywhere and have Outlook 2007 (Autodiscover).  For this they seem to push the unified ones and with SBS 2008 running Exchange 2007 I just wanted to check.  As with everything the unified certificates for Exchange 2007 are 4 to 5 times the price of your standard SSL certificate, but I would rather pay less if I can.

Anyway if someone could let me know a bit more about the best type of certificate for SBS 2008 it would be appreciated.
0
Comment
Question by:biggles70
  • 4
  • 3
  • 3
  • +2
12 Comments
 
LVL 30

Assisted Solution

by:renazonse
renazonse earned 100 total points
ID: 24310655
You'll need a multi-homed cert and they're cheap at godaddy.com...you'll get continual errors with a single domain name cert.
0
 

Author Comment

by:biggles70
ID: 24311227
Thanks for that - I had figured that this would be the case, and hope you might be able to help me out with the following.  I haven't dealt with godaddy.com before but they sure do seem cheap.  Would a Standard SSL Multiple Domain (UCC) be the go, seeing as though i am not using it for CC transactions or anything like that.

Also seeing as though we are talking about a multiple domain type cert would there be any names other than the following required for SBS 2008 - obviously once you get over 5 it gets a bit more expensive:

servername
servername.domain.local
remote.domain.com
mail.domain.com
autodiscover.domain.com
domain.com
domain.local

It is for accessing the remote web workspace, and Outlook Anywhere from Outlook 2007 if required - both internally and externally if required.  Are there names there I don't need to add, or alternatively are there extra names not there that I need to include.

I guess it's a little easier when your just looking at a mail server with no internal and external DNS, so I'd greatly appreciate a bit of help there if possible.

Thanks,
0
 
LVL 30

Expert Comment

by:renazonse
ID: 24313635
that particular cert allows 5 names. Here's the ones I've used without a problem.

servername
servername.domain.local
mail.domain.com
www.mail.domain.com <--- this one was auto created since I only had 4 names to use
autodiscover..domain.com

Also, if you run into trouble with that you can always rekey your cert at godaddy as long as mail.domain.com stays the same.
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 400 total points
ID: 24313890
With SBS 2008 you only require a certificate for remote.MyDomain.abc. All connections to Exchange, OWA, RWW, TSgateway use the same name. With SBS2008 there is even a wizard to generate the certificate request for you, with GoDaddy or 2 other certificate providers. It is located under the "Windows SBS console" home page as "add a trusted certificate".
0
 

Author Comment

by:biggles70
ID: 24324622
Thanks to both - I decided to buy a GoDaddy SSL standard cert for remote.mydomain.com to see how it goes - nice a cheap which is good.  All works well with the OWA, RWW, and TS Gateway etc, but I am yet to test Outlook Anywhere.  Will hopefully get a chance to setup and test Outlook Anywhere over the next day or so and keep you posted.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24324823
Should work great, I have never had a problem.
--Rob
0
Integrate social media with email signatures

Is your company active on social media? Do you also use email signatures? Including social media icons in your email signature is a great way to get fans for free. Let all your email users know you’re on social media quickly and easily, in a single click.

 
LVL 30

Expert Comment

by:renazonse
ID: 24325303
That's definitely good to know for SBS 08...and good for you because the single domain cert is ridiculously cheap.
0
 

Author Closing Comment

by:biggles70
ID: 31579992
Well a single standard SSL certificate for remote.mydomain.com worked fine for RWW, OWA, TSGateway, and also to my surprise Outlook Anywhere with Outlook 2007 when used in conjunction with SBS 2008.  It does work a little different when you have a stand alone Exchange 2007 server and Outlook 2007, but with SBS you just need the cert to cover the single name.  All in all RobWill was spot on with the answer for SBS and I also gave some points to renazones for the GoDaddy tip - it was easy to buy a cert to test with when it was so cheap and deliverd so quickly.  By far the easiest SSL cert purchase I have ever had.    

Anyway thanks to both cheers
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24351217
Thanks biggles70.
Cheers!
--Rob
0
 

Expert Comment

by:the-waves
ID: 24592078
So let me get this straight - you can buy a normal certificate - not a unified comms cert to use Exchange 2007 on SBS 2008?
0
 

Author Comment

by:biggles70
ID: 24598123
Yep that is right. I just bought a standard cert from GoDaddy for remote.mydomain.com, as mentioned by RobWill, and it works fine.  No other names required.  It works with RWW, OWA, TSGateway, and also Outlook Anywhere using Outlook 2007 on SBS2008.  

I was a little sceptical at first, seeing that Exchange 2007 does use a unified cert.  For example I had seen issues running Outlook Anywhere in Outlook 2007 connecting to Exchange 2007 using a standard single name cert - mainly due to autodiscover certificate errors in Outlook and a couple of other things here and there (also needing to add the autodiscover.domain.com DNS entry as well).  Not sure if this is the sort of thing that lead you to ask for clarification, but this was the main reason that lead me to ask my question.  

Because GoDaddy was so cheap I figured I would just buy the cert and try it - in the end it worked well.  I was able to setup Outlook Anywhere on a notebook running Outlook 2007, which was one of my main concerns and it worked first time.

Setup Outlook Anywhere (Windows SBS2008)
http://technet.microsoft.com/en-us/library/cc794265(WS.10).aspx

I have been running the standard cert for remote.mydomain.com for over a month now and no sign of any problems.  All up I added a DNS record for remote.domain.com and installed the standard single name certificate as mentioned and haven't had any problems.

Cheers,
Biggles70
0
 

Expert Comment

by:mudgie
ID: 24598143
I use the cheap certs and everything works fine. I also put "autodiscover" in the "A" records. You absolutely HAVE to use the SBS 2008 wizards though. Another problem I've seen is the lack of a static IPV6 address - this usually happens if you replace the network drivers. It messed me up for a couple of days on one deployment.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now