SAN certificate for Exchange 2003

I have a server running Exchange 2003 and I want to set up RPC over HTTPS. I know I will need a certificate with all of my server names (host name, outside DNS name, etc.). I've done this before using Exchange 2007, but I was able to generate the certificate request using the Exchange Management Shell (very easy).

In 2003 there is no Shell as far as I know, and the only way I can see to manage your certificates is using IIS. As far as I can tell there is no way to generate a cert request with Subject Alternative Names using IIS, and from what I can tell, if I use something else to generate the cert request then I can't get IIS to use that certificate.

Any help would be greatly appreciated!

Thanks in advance.
BrianKronberg Commented:
Yes, you only need a simple SSL certificate with a single name (like  As for if internal users connect via SSL, well, that is dependent on how you configure your server.

I have seen where companies will not use SSL internally because they have a WAN accelerator that does not accelerate SSL, only MAPI and HTTP.

I have also seen where a company will be publishing Exchange externally via ISA and Forms Based Authentication (FBA) will be configured on ISA.  Since FBA can only be done on ISA or Exchange, internal users will use HTTP instead.  This can be resolved by adding another website on the Ex2003 server to support FBA for internal users.

If you are not using ISA then I would configure FBA on Ex2003 and automatically redirect users from port 80 to port 443 so SSL is used internally and externally. (Google this; there are lots of resources on how to redirect OWA.)
- Exchange 2003 does not support SAN certificates
- Exchange 2003 only requires one name on the certificate, i.e.
- Certificate requests are handled by IIS just like any IIS 6.0 website
Burns2007 Commented:
You don't need one for Exchange 2003, as you don't have Autodiscover to require multiple hostnames.

Good guide on how to set it up:

Whatever external address you are going to use: etc is all you need.

armerdan (Author) Commented:
Just to make sure I'm understanding:

The only address I need on the certificate for 2003 is the public fully qualified domain name (

If that is the case then the clients inside the office won't have any trouble connecting to the various Exchange services?

That is great if that is the case. Does that mean that the internal traffic is not encrypted? I guess it's just hard to imagine that mail.domainname.local doesn't need to be there as well as Etc.

armerdan (Author) Commented:
Thanks a lot, it's up and working now. I never thought I'd be more comfortable with 07 than 03... Wow.

Thanks again.
Question has a verified solution.
