martinmcginley
asked on
Certificates for SBS2008 Standard - Exchange - Multiple SMTP Domains
I am looking for advice for purchasing SSL certificates for an SBS2008 standard server. It is going to host 3 smtp domains...there will be 4 smtp domains in total including the default .local.
What I am loking for is advice about what certicate or certifactes to order. Should I get 3 single certs or a single certificate with the 3 certificates in it. Do I need an IP for each certificate. What is the best way to set this up when considering there will be 3 sets of clients access the server for smtp resourcesl?
Here is what I will have regarding smtp domains:
sbs2008.local (default AD domain - install created)
domain1.com
domain2.com
domain3.com
Thanks.
What I am loking for is advice about what certicate or certifactes to order. Should I get 3 single certs or a single certificate with the 3 certificates in it. Do I need an IP for each certificate. What is the best way to set this up when considering there will be 3 sets of clients access the server for smtp resourcesl?
Here is what I will have regarding smtp domains:
sbs2008.local (default AD domain - install created)
domain1.com
domain2.com
domain3.com
Thanks.
ASKER
Thanks for the response....where is the autodiscover record created, on the external DNS host, internal or both.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The common name will be the name that the users access the server on. I would suggest using the same name for all users. Also use the same name for the MX records for all domains, then you get TLS support as well.
So that would be something like mail.example1.com.
Then for each domain you need the autodiscover record
autodiscover.example1.com
autodiscover.example2.com
autodiscover.example3.com
Finally you need to have the server's NETBIOS and FQDN name
server
server.example.local
My blog posting on the subject outlines how to get the certificate:
http://blog.sembee.co.uk/archive/2008/05/30/78.aspx
If the EXTERNAL DNS provider supports SRV records, then you could get away with only having one autodiscover record in the certificate, but many do not.
Simon.