Solved

SAN SSL certificates for Exchange 2010

Posted on 2010-01-12
Last Modified: 2012-06-27

Hi everyone,

I'm just wondering why I should keep both the CAS server name and the CAS servername.mydomain.com in the third-party SSL certificates. We're running Exchange 2007 server, but we're about to upgrade to Exchange 2010, so is it required to keep the server name and the server name + domain name on Exchange 2010? Thanks

Here is the current SAN certificate:
mydomain.com
s2008excas01
s2008excas02
s2008excas03
s2008excas01.mydomain.com
s2008excas02.mydomain.com
s2008excas03.mydomain.com
autodiscover.mydomain.com
0
Question by:quadrumane
4 Comments
 
LVL 15

Expert Comment

by:Narayan_singh
ID: 26294439
There is no such compulsion that you should have those names there; it is just a recommendation.
By default, internal URLs for Autodiscover, OAB, EWS, etc. use the CAS FQDN name in internal URLs (which can be modified, though).

FQDN name of CAS
Autodiscover.domain.com
External Domain.com
Mail.domain.com

This should do the job.
0
 
LVL 15

Expert Comment

by:Narayan_singh
ID: 26294514
0
 
LVL 13

Accepted Solution

by:
lastlostlast earned 2000 total points
ID: 26294748
It shows that you have more than 1 CAS server... are the CAS servers in the same site?
If yes then are they in any kind of NLB?

You actually do not require to keep the names of all the CAS servers in the SAN certificate. It depends how you have configured the internal Autodiscover.

If you have modified the SCP (Service Connection Point) of the Autodiscover service internally and set it to a particular CAS server, then OL will connect to only that server and you require only that server's name/FQDN in the SAN certificate.
By default, the SCP is set to the name of the First CAS server installed in the organisation.

In your scenario, it would be best recommended that you set the SCP to the NLB FQDN and modify all the internal URLs as well. That way you only require the name of the NLB/FQDN of NLB in the certificate rather than the CAS servers. This would only apply if you have the CAS in any kind of NLB.

Let us know how it goes.
0
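
An added example, not part of the original thread or any poster's own code: a read-only Exchange Management Shell audit that lists which host names the Autodiscover SCP and the virtual-directory URLs hand to clients, and checks them against the SAN list of the certificate enabled for IIS on each CAS server. It assumes the standard Exchange 2010 cmdlets and sufficient rights to read every CAS server; the helper name `Test-SanCovers` and the output property names are made up for this illustration.

```powershell
# Added example, not from the thread. Read-only; run in the Exchange 2010
# Management Shell. Compares the host names published in the Autodiscover SCP
# and the virtual-directory URLs with each CAS server's IIS certificate.

function Test-SanCovers([string]$HostName, [string[]]$San) {
    foreach ($entry in $San) {
        if ($entry -eq $HostName) { return $true }
        # A wildcard entry covers exactly one extra left-most label.
        if ($entry.StartsWith('*.') -and $HostName.Contains('.') -and
            $HostName.Substring($HostName.IndexOf('.')) -eq $entry.Substring(1)) {
            return $true
        }
    }
    return $false
}

# 1. Every URL a client can be handed: the Autodiscover SCP plus the service URLs.
$urls  = @(Get-ClientAccessServer | ForEach-Object { $_.AutoDiscoverServiceInternalUri })
$urls += Get-WebServicesVirtualDirectory | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }
$urls += Get-OabVirtualDirectory         | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }
$urls += Get-OwaVirtualDirectory         | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }
$urls += Get-EcpVirtualDirectory         | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }
$urls += Get-ActiveSyncVirtualDirectory  | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }

# 2. Distinct host names that the certificate has to match (unset URLs are skipped).
$needed = @($urls | Where-Object { $_ } |
    ForEach-Object { ([Uri]$_.ToString()).Host.ToLower() } | Sort-Object -Unique)

# 3. Compare against the certificate enabled for IIS on each CAS server.
foreach ($cas in (Get-ClientAccessServer)) {
    Get-ExchangeCertificate -Server $cas.Name |
        Where-Object { $_.Services -match 'IIS' } |
        ForEach-Object {
            $san = @($_.CertificateDomains | ForEach-Object { $_.ToString().ToLower() })
            New-Object PSObject -Property @{
                Server         = $cas.Name
                Thumbprint     = $_.Thumbprint
                # Names clients are sent to that would raise a certificate warning.
                MissingFromSan = (@($needed | Where-Object { -not (Test-SanCovers $_ $san) }) -join ', ')
                # SAN entries no configured URL uses: review before dropping them.
                SanNotInAnyUrl = (@($san | Where-Object { $needed -notcontains $_ }) -join ', ')
            }
        } | Format-List
}
```

Treat `SanNotInAnyUrl` as a review list, not a removal list: external Outlook clients find `autodiscover.mydomain.com` through DNS rather than through a configured URL, so it will appear there and still has to stay on the certificate.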
 

Author Comment

by:quadrumane
ID: 26295312
Thanks, it will be much less expensive this way.
0
