Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 832
  • Last Modified:

SAN SSL certificates for Exchange 2010


Hi everyone,

I'm just wondering as to why I should keep both CAS server name and CAS servername.mydomain.com into the third party SSL certificates.  We're running Exchange 2007 server.  But we're about to upgrade to Exchange 2010 so Is it required to keep the server name et the server name + domain name on Exchange 2010 ?  Thanks

Here is the current SAN certificate:
"mydomain.com
"s2008excas01
"s2008excas02
"s2008excas03
"s2008excas01.mydomain.com
"s2008excas02.mydomain.com
"s2008excas03.mydomain.com
"autodiscover.mydomain.com
0
quadrumane
Asked:
quadrumane
  • 2
1 Solution
 
Narayan_singhCommented:
There is no such compulsion that you should have those names there it is just reccomendation.
By default internal Urls for Autodiscovery OAB EWS etc use CAS fqdn name in inter URLs (which can be modified though )

FQDN name of CAS
Autodiscover.domain.com
External Domain.com
Mail.domain.com

this should do a job.
0
 
Narayan_singhCommented:
0
 
lastlostlastCommented:
It shows that you have more that 1 CAS server... are the CAS servers in the same site?
If yes then are they in any kind of NLB?

You actually do not require to keep the names of all the CAS servers in the SAN certificate. It depends how you have configured the internal Autodiscover.

If you have modified the SCP (Service connection point) of the autodiscover service internally and set it to a particular CAS server, then OL will connect to only that server and you require only that servers name/fqdn in the SAN certificate.
By default, the SCP is set to the name of the First CAS server installed in the organisation.

In your scenario, it would be best recommended that you set the SCP to the NLB fqdn and modify all the internal URL's as well. That way you only require the name of the NLB/FQDN of NLB in the certificate rather than the CAS servers. This would only apply if you have the CAS in any kind of NLB.

Let us know how it goes.
0
 
quadrumaneAuthor Commented:
Thanks it will be much less expensive this way.
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now