Certificates for SBS2008 Standard - Exchange - Multiple SMTP Domains

martinmcginley
I am looking for advice for purchasing SSL certificates for an SBS2008 standard server. It is going to host 3 smtp domains...there will be 4 smtp domains in total including the default .local.

What I am looking for is advice about what certificate or certificates to order. Should I get 3 single certs or a single certificate with the 3 certificates in it? Do I need an IP for each certificate? What is the best way to set this up when considering there will be 3 sets of clients accessing the server for smtp resources?

Here is what I will have regarding smtp domains:

sbs2008.local  (default AD domain - install created)
domain1.com
domain2.com
domain3.com

Thanks.

Commented:
The whole point of the certificates process is that you only need one IP address.

The common name will be the name that the users access the server on. I would suggest using the same name for all users. Also use the same name for the MX records for all domains, then you get TLS support as well.

So that would be something like mail.example1.com.

Then for each domain you need the autodiscover record

autodiscover.example1.com
autodiscover.example2.com
autodiscover.example3.com

Finally you need to have the server's NETBIOS and FQDN name

server
server.example.local

My blog posting on the subject outlines how to get the certificate:
http://blog.sembee.co.uk/archive/2008/05/30/78.aspx

If the EXTERNAL DNS provider supports SRV records, then you could get away with only having one autodiscover record in the certificate, but many do not.

Simon.
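The name list described in the answer above, worked through as an added example (not part of the original post and not the poster's own code): it builds the set of names the single certificate needs and checks an issued certificate's subject alternative names against it. The function names, the `srv_autodiscover_host` parameter and the sample SAN list are assumptions made for illustration.

```python
# Added example: function names and sample data are hypothetical, not from the thread.

def _norm(name):
    """Host names compare case-insensitively; ignore a trailing dot."""
    return name.strip().lower().rstrip(".")


def required_names(common_name, smtp_domains, netbios, internal_fqdn,
                   srv_autodiscover_host=None):
    """Return the ordered list of names the one certificate must carry.

    common_name: the single name all users (and all MX records) point at.
    srv_autodiscover_host: set only when the external DNS provider supports
    SRV records; then one autodiscover name is enough (assumed to be this host).
    """
    names = [common_name]
    if srv_autodiscover_host:
        names.append(srv_autodiscover_host)
    else:
        names += ["autodiscover." + d for d in smtp_domains]
    names += [netbios, internal_fqdn]
    seen, ordered = set(), []
    for n in map(_norm, names):          # de-duplicate, keep first-seen order
        if n not in seen:
            seen.add(n)
            ordered.append(n)
    return ordered


def missing_names(required, cert_names):
    """Names in `required` that are absent from the certificate's SAN list."""
    present = {_norm(n) for n in cert_names}
    return [n for n in required if n not in present]


# Constructed sample data using the placeholder names from the answer.
DOMAINS = ["example1.com", "example2.com", "example3.com"]
REQUIRED = required_names("mail.example1.com", DOMAINS,
                          "server", "server.example.local")

# Constructed SAN list of a certificate that omits one domain and the NETBIOS name.
CERT_SANS = ["mail.example1.com", "autodiscover.example1.com",
             "autodiscover.example2.com", "SERVER.example.local"]

if __name__ == "__main__":
    print("Names to request:", ", ".join(REQUIRED))
    print("Missing from certificate:", missing_names(REQUIRED, CERT_SANS))
```

The SAN list to check can be copied from the certificate's details view or from the CSR before it is submitted to the certificate authority.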

Author

Commented:
Thanks for the response....where is the autodiscover record created, on the external DNS host, internal or both?
Commented:
External host is all that you must have, unless you will have clients that are not members of the domain but will be on your network.
It does no harm to have the record created internally though. You can create it in the same way as remote.example.com was setup when SBS was installed.

Simon.
