SAN certificate for Exchange 2003

Posted on 2009-12-16
Last Modified: 2012-05-08
I have a server running Exchange 2003 and I want to set up RPC over HTTPS. I know I will need a certificate with all of my server names (host name, outside DNS name, etc.). I've done this before using Exchange 2007, but I was able to generate the certificate request using the Exchange Management Shell (very easy).

In 2003 there is no Shell as far as I know, and the only way I can see to manage your certificates is using IIS. As far as I can tell there is no way to generate a cert request with Subject Alternative Names using IIS, and from what I can tell, if I use something else to generate the cert request then I can't get IIS to use that certificate.

Any help would be greatly appreciated!

Thanks in advance.
Question by:armerdan
    LVL 7

    Expert Comment

    - Exchange 2003 does not support SAN certificates
    - Exchange 2003 only requires one name on the certificate, i.e.
    - Certificate requests are handled by IIS just like any IIS 6.0 website
    LVL 14

    Assisted Solution

    You don't need one for Exchange 2003, as you don't have autodiscover to require multiple hostnames.

    Good guide on how to set it up:

    Whatever external address you are going to use: etc is all you need.

    LVL 4

    Author Comment

    Just to make sure I'm understanding:

    The only address I need on the certificate for 2003 is the public fully qualified domain name (

    If that is the case then the clients inside the office won't have any trouble connecting to the various Exchange services?

    That is great if that is the case. Does that mean that the internal traffic is not encrypted? I guess it's just hard to imagine that mail.domainname.local doesn't need to be there as well as Etc.

    LVL 7

    Accepted Solution

    Yes you only need a simple SSL certificate with a single name (like  As for if internal users connect via SSL, well, that is dependent on how you configure your server.

    I have seen where companies will not use SSL internally because they have a WAN accelerator that does not accelerate SSL, only MAPI and HTTP.

    I have also seen where a company will be publishing Exchange externally via ISA and Forms Based Authentication (FBA) will be configured on ISA.  Since FBA can only be done on ISA or Exchange, internal users will use HTTP instead.  This can be resolved by adding another website on the Ex2003 server to support FBA for internal users.

    If you are not using ISA then I would configure FBA on Ex2003 and automatically redirect users from port 80 to port 443 so SSL is used internally and externally. (Google this; there are lots of resources on how to redirect OWA.)
    LVL 4

    Author Closing Comment

    Thanks a lot it's up and working now. I never thought I'd be more comfortable with 07 than 03........ Wow.

    Thanks again.
