What certificate to use on SBS 2008 (remote and exchange)

Posted on 2009-12-23
Last Modified: 2012-05-08
Hi, what certificate do i need to use on a SBS 2008 server (Exchange 2007)? My certificate provider told me that i must have a UCC certificate if i want mobile phone to work perfectly, but if i use the certificate wizard in the SBS Console then its for only remote.<mydomain>.no, a UCC certificate could have more than one host and domain name, but in the SBS Console web setings both remote and exchange/owa use https://remote.<mydomain>.no, could i then use a standard certificate that only cost 1/3 of a UCC certificate?

Question by:cral
    LVL 65

    Expert Comment

    The certificate wizard in SBS 2008 makes some presumptions. The main one being that your external DNS provider (who hosts your domain name on the Internet) supports SRV records.

    Many do not.

    For full functionality, including Outlook Anywhere and Exchange ActiveSync support you either need to have an SRV record enabled domain or use a UCC certificate.

    Personally I am treating the SSL certificate the same as I do for full product installations, and using as the common name for everything, including the MX record host name. Certificates come from GoDaddy and I use the instructions on my blog:

    LVL 1

    Author Comment

    I can add SRV as a record on my external DNS provider, do that mean that i could use a standard sertificate to point at and thats it for owa, activesync remote etc? Do i have to open more ports, today its HTTPS and 987 (internal local web).
    LVL 65

    Accepted Solution

    You have created the SRV records as per this KB article?

    You only need port 443 for SSL support and then 25 for inbound SMTP. If you use the wizard it should change all of the references in Exchange for you.


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Top 6 Sources for Identifying Threat Actor TTPs

    Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

    New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
    Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
    This tutorial will walk an individual through the process of upgrading their existing Backup Exec 2012 to 2014. Either install the CD\DVD into the drive and let it auto-start, or browse to the drive and double-click the Browser file: Select the ap…
    how to add IIS SMTP to handle application/Scanner relays into office 365.

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    23 Experts available now in Live!

    Get 1:1 Help Now