SAN SSL certificates for Exchange 2010


Hi everyone,

I'm just wondering why I should keep both the CAS server name and CAS servername.mydomain.com in the third-party SSL certificate. We're running Exchange 2007 server. But we're about to upgrade to Exchange 2010, so is it required to keep the server name and the server name + domain name on Exchange 2010? Thanks

Here is the current SAN certificate:
mydomain.com
s2008excas01
s2008excas02
s2008excas03
s2008excas01.mydomain.com
s2008excas02.mydomain.com
s2008excas03.mydomain.com
autodiscover.mydomain.com
quadrumane Asked:

Narayan_singh Commented:
There is no such compulsion that you should have those names there; it is just a recommendation.
By default, Autodiscover, OAB, EWS, etc. use the CAS FQDN name in their internal URLs (which can be modified, though).

FQDN name of CAS
Autodiscover.domain.com
External Domain.com
Mail.domain.com

This should do the job.
0
lastlostlast Commented:
It shows that you have more than 1 CAS server... Are the CAS servers in the same site?
If yes, then are they in any kind of NLB?

You actually are not required to keep the names of all the CAS servers in the SAN certificate. It depends on how you have configured the internal Autodiscover.

If you have modified the SCP (service connection point) of the Autodiscover service internally and set it to a particular CAS server, then OL will connect only to that server and you require only that server's name/FQDN in the SAN certificate.
By default, the SCP is set to the name of the first CAS server installed in the organisation.

In your scenario, the best recommendation would be to set the SCP to the NLB FQDN and modify all the internal URLs as well. That way you only require the name of the NLB/FQDN of NLB in the certificate rather than the CAS servers. This would only apply if you have the CAS in any kind of NLB.

Let us know how it goes.
0
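
The dependency described in the answer above (the SAN list only has to cover the host names that the SCP and the service URLs hand out to clients), as an added example that is not part of the original thread. The SAN list is the one from the question; the URL lists are constructed samples, `mail.mydomain.com` is a hypothetical NLB name, and `san_matches` and `audit` are illustrative helper names.

```python
from urllib.parse import urlsplit

# SAN entries from the certificate listed in the question.
CURRENT_SANS = [
    "mydomain.com", "s2008excas01", "s2008excas02", "s2008excas03",
    "s2008excas01.mydomain.com", "s2008excas02.mydomain.com",
    "s2008excas03.mydomain.com", "autodiscover.mydomain.com",
]
# Constructed sample: per-server URLs, SCP left on the first CAS server.
DEFAULT_URLS = [
    "https://s2008excas01.mydomain.com/Autodiscover/Autodiscover.xml",
    "https://s2008excas01.mydomain.com/EWS/Exchange.asmx",
    "https://s2008excas02.mydomain.com/EWS/Exchange.asmx",
    "https://s2008excas03.mydomain.com/EWS/Exchange.asmx",
    "https://autodiscover.mydomain.com/Autodiscover/Autodiscover.xml",
]
# Constructed sample: SCP and internal URLs moved to a hypothetical NLB name.
NLB_URLS = [
    "https://mail.mydomain.com/Autodiscover/Autodiscover.xml",
    "https://mail.mydomain.com/EWS/Exchange.asmx",
    "https://mail.mydomain.com/OAB",
    "https://autodiscover.mydomain.com/Autodiscover/Autodiscover.xml",
]

def san_matches(san, host):
    """Case-insensitive exact match; '*' is honoured only as the whole leftmost label."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if not san.startswith("*."):
        return san == host
    # A wildcard covers exactly one label: not the bare domain, not two levels down.
    head, _, tail = host.partition(".")
    return bool(head) and tail == san[2:]

def audit(sans, urls):
    """Return hosts the URLs use, hosts no SAN covers, and SANs no URL needs."""
    hosts = set()
    for url in urls:
        host = urlsplit(url).hostname
        if not host:
            raise ValueError(f"no host name in URL: {url!r}")
        hosts.add(host)
    hosts = sorted(hosts)
    missing = [h for h in hosts if not any(san_matches(s, h) for s in sans)]
    unused = [s for s in sans if not any(san_matches(s, h) for h in hosts)]
    return {"hosts": hosts, "missing": missing, "unused": unused}

if __name__ == "__main__":
    for label, urls in (("default", DEFAULT_URLS), ("NLB", NLB_URLS)):
        print(label, audit(CURRENT_SANS, urls))
```

A non-empty `missing` list means clients would see a certificate name mismatch on that host; entries in `unused` are candidates to drop when the certificate is reissued.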
quadrumane (Author) Commented:
Thanks, it will be much less expensive this way.
0