armerdan
asked on
SAN certificate for Exchange 2003
I have a server running Exchange 2003 and I want to set up RPC over HTTPS. I know I will need a certificate with all of my server names (host name, outside DNS name, Etc). I've done this before using exchange 2007 but I was able to generate the certificate request using the Exchange Management Shell, (very easy).
In 2003 there is no Shell as far as I know and the only way I can see to manage your certificates is using IIS. As far as I can tell there is no way to generate a cert request was Subject Alternative Names using IIS, and from what I can tell if I use something else to generate the cert request then I can't get IIS to use that certificate.
Any help would be greatly appreciated!
Thanks in advance.
In 2003 there is no Shell as far as I know and the only way I can see to manage your certificates is using IIS. As far as I can tell there is no way to generate a cert request was Subject Alternative Names using IIS, and from what I can tell if I use something else to generate the cert request then I can't get IIS to use that certificate.
Any help would be greatly appreciated!
Thanks in advance.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Just to make sure I'm understanding:
The only address I need on the certificate for 2003 is the public fully qualified domain name (mail.company.com)?
If that is the case then the clients inside the office won't have any trouble connecting to the various Exchange services?
That is great if that is the case. Does that mean that the internal traffic is not encrypted? I guess it's just hard to imagine that mail.domainname.local doesn't need to be there as well as mail.company.com Etc.
Thanks!
The only address I need on the certificate for 2003 is the public fully qualified domain name (mail.company.com)?
If that is the case then the clients inside the office won't have any trouble connecting to the various Exchange services?
That is great if that is the case. Does that mean that the internal traffic is not encrypted? I guess it's just hard to imagine that mail.domainname.local doesn't need to be there as well as mail.company.com Etc.
Thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks a lot it's up and working now. I never thought I'd be more comfortable with 07 than 03........ Wow.
Thanks again.
Thanks again.
- Exchange 2003 only requires one name on the certificate, i.e. webmail.company.com
- Certificate requests are handled by IIS just like any IIS 6.0 website
http://www.globalsign.com/support/install/install_mexch.php