PDA Cert - multiple Domains

Posted on 2009-07-16
Last Modified: 2012-05-07

I think I had been down this road earlier - but now have a new twist.

We have our sister company that needs a certificate for its Exchange 2007 server -
It looks to be only running the exchange generated certificate.

These are the suggested names we are looking at.

Not sure if I am close in the naming -

This is the new "existing" server......without a 3rd party cert.
srvemail001.cccc.acme.local <<<<<<<<?????

This is our existing server at

I also have a server in the EU -

I thought the existing 2007 box had a 3rd party cert - I was wrong and need to correct this.

Any suggestions.


Question by:Synarc

Expert Comment

ID: 24873689
The only names the certificate needs are (the preferred common name for OWA, ActiveSync etc) (where is the domain in the user's email addresses)
server (the server's NETBIOS name).
server.example.local (the server's real INTERNAL FQDN)

If you are supporting additional SMTP addresses then you need to have in there as well.

You do not have to add in unless that is what the server's FQDN is inside (ie because your WINDOWS domain is called

/ anything is not valid for an SSL certificate, so the line above with /owa isn't correct.



Author Comment

ID: 24900659
Mestha  -
Thanks for the info - if we want to make sure we are covered for all scenarios... it would be best to have the following sub-domains and names in the certificate - we are still building out some portions of the network and are not sure how or when things may change - we don't want to keep changing certs.
Any thoughts? (FQDN)
srvemail001  (netbios)

Author Comment

ID: 24900665
It looks like I forgot an autodiscover: (FQDN)
srvemail001  (netbios)

Accepted Solution

Mestha earned 500 total points
ID: 24902999
Are you going to have users with email address of ? If not then you are simply wasting money. Most certificate providers charge more for the additional names, some on a per name basis, some in blocks of 5.
Personally I wouldn't bother with either pda or owa variants and just tell everyone to use
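
The checks discussed in this thread, written as an added example that is not part of any post above: it rejects entries that contain a URL path such as /owa, confirms the NetBIOS name, internal FQDN and Autodiscover name are present, and flags names outside any email domain as paid-for extras. The function name, the example.com and example.net placeholders, and the autodiscover.<email domain> convention are assumptions; the thread's real public names are not shown on the page.

```python
import re

# One DNS label: letters, digits, hyphens, no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def check_san_list(names, email_domains, netbios, internal_fqdn):
    """Return (clean_names, problems) for a proposed certificate name list."""
    clean, problems = [], []
    for raw in names:
        name = raw.strip().lower()
        if "/" in name or ":" in name:
            # A certificate name is a host name; "/owa" is part of a URL.
            problems.append(f"{raw}: URL or path, not a host name")
        elif not all(LABEL.match(label) for label in name.split(".")):
            problems.append(f"{raw}: not a valid host name")
        elif name not in clean:
            clean.append(name)
    domains = [d.lower() for d in email_domains]
    # Assumption: Autodiscover is published as autodiscover.<email domain>.
    required = [netbios.lower(), internal_fqdn.lower()]
    required += [f"autodiscover.{d}" for d in domains]
    for name in required:
        if name not in clean:
            problems.append(f"{name}: required name is missing")
    suffixes = tuple("." + d for d in domains)
    for name in clean:
        # Names outside every email domain are paid for but unused.
        if name not in required and not name.endswith(suffixes):
            problems.append(f"{name}: not under an email domain")
    return clean, problems

# Constructed request: example.com and example.net are placeholders.
SAMPLE = ["mail.example.com", "mail.example.com/owa", "autodiscover.example.com",
          "srvemail001", "srvemail001.cccc.acme.local", "pda.example.net"]

if __name__ == "__main__":
    names, issues = check_san_list(SAMPLE, ["example.com"], "srvemail001",
                                   "srvemail001.cccc.acme.local")
    print("\n".join(names + issues))
```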


Author Comment

ID: 24906965
Thanks Simon - it is a sister company  - and we are just trying to cover all the bases on it because we are unsure of what the final domain naming convention will be in the future.
