creating new exchange 2010 OWA ssl cert guidance

Hi all,

I've never run through this wizard before and I don't want to do it wrong.

I've purchased a UCC certificate. I know I need:

owa.domain.com
autodiscover.domainname.com
servername.domainname.local
SERVERNAME

so for me it will be

mail.mydomain.org
autodiscover.mydomain.org
CH-EX.mydomain.net
CH-EX

Is this right, where CH-EX is my Exchange server? Why do we need internal names on the cert?

So under Exchange configuration...

Federated Sharing:
Do I need it?

Outlook Web App:
Well, it's for OWA, so I need to tick both?
Can I use the same domain name internally and externally? i.e. mail.mydomain.org

ActiveSync:
I want this, so tick and name mail.mydomain.org?

Client Access server:
Web services is ticked, Outlook Anywhere ticked.
The name input by default is: mail.domain.org,domain.net. Do I delete domain.net?
Autodiscover: do I need to change from autodiscover.domain.net (internal) to autodiscover.domain.org (external)?
POP/IMAP:
Don't think I need either.

Unified Messaging:
What is it for?
Do I need it?

Hub Transport:
What's Hub Transport for? I know it's important but that's about it :S
TLS: should I tick it and put in connector details? (I don't know what they are.)

Legacy servers:
Don't know what they are.

The answers to those questions would be great :)
Thanks

awilderbeast Asked:

Hilal1924 Commented:
Is this right, where CH-EX is my Exchange server? Why do we need internal names on the cert?

===> You need this for identifying the server with internal clients, as well as for other subscriptions such as the Edge Transport subscription.

Federated Sharing:
Do I need it?
===> If you have a sharing agreement with another company for mail server, this is not required.

Outlook Web App:
Well, it's for OWA, so I need to tick both?
Can I use the same domain name internally and externally? i.e. mail.mydomain.org

===> Yes, you can, but it's not a good idea since you will need to add a host entry for that in your internal DNS server. Better to use different URLs. Internal could be servername.yourdomain.com, external could be mail.yourdomain.com

ActiveSync:
I want this, so tick and name mail.mydomain.org?
===> Correct

Client Access server:
Web services is ticked, Outlook Anywhere ticked.
The name input by default is: mail.domain.org,domain.net. Do I delete domain.net?
Autodiscover: do I need to change from autodiscover.domain.net (internal) to autodiscover.domain.org (external)?
===> Yes, you should.

POP/IMAP:
Don't think I need either.

===> Still a good idea to have this. So keep them checked.

Unified Messaging:
What is it for?
===> This is used for voice and fax services. No need to check this one if you are not planning on using this.
Do I need it?

Hub Transport:
What's Hub Transport for? I know it's important but that's about it :S
TLS: should I tick it and put in connector details? (I don't know what they are.)
===> Used for routing of emails both internally and externally. You should definitely check this.

Legacy servers:
Don't know what they are.
===> For Exchange 2003/200 compatibility. Not needed if you don't have any pre-Exchange 2007 servers.

Hilal

0

awilderbeast Author Commented:
Thanks for the info.

Just a couple more:

Is it not easier for users to remember the same name for internal and external, and I just create the internal host record in DNS? It only takes a sec, or is it advised against for more than that reason?

So I've checked POP/IMAP for use on intranet and internet.
In the domain name for both, it currently has CH-EX (the server name). Does this need to be pop@mydomain.org and imap@mydomain.org?

What sort of fax services does Unified Messaging provide, faxing via email?
Might be useful for the future, or will it be costly?

Hub Transport server:
Do I tick "use mutual TLS to help secure internet mail"?
Do I put my external domain in it, mail.domain.org?
Do I need to tick "use Hub Transport server for POP/IMAP" too, and again what do I put in?

They both say use the FQDN of your connector in the format /forest root/extension, so it's not mail.mydomain.org?

Thanks
0
GKalosky Commented:
If you watch this video, it should help with the creation and install of certificates for Exchange 2010.

http://technet.microsoft.com/en-us/exchange/ee890058.aspx

Gary
0
awilderbeast Author Commented:
I have no speakers here :S

The answers to my last set of questions will be great; there's nothing else I need to know after that.

Cheers
0
Hilal1924 Commented:
Just a couple more:

Is it not easier for users to remember the same name for internal and external, and I just create the internal host record in DNS? It only takes a sec, or is it advised against for more than that reason?

===> You will still need the server name to be in the CSR. Yes, you can create a host record for the external URL. Sounds like a good plan to me.

So I've checked POP/IMAP for use on intranet and internet.
In the domain name for both, it currently has CH-EX (the server name). Does this need to be pop@mydomain.org and imap@mydomain.org?

===> No, let it be your domain name only. Such as mail.yourdomain.com

What sort of fax services does Unified Messaging provide, faxing via email?
Might be useful for the future, or will it be costly?

===> Will be really costly, believe me. And I don't think you will be using it anytime soon.

Hub Transport server ===> Leave this out. You will rarely encrypt traffic between a Hub server and another Hub server in your domain. That is by default taken care of by the self-signed certificate.

Do I tick "use mutual TLS to help secure internet mail"? ===> Leave this out.
Do I put my external domain in it, mail.domain.org? ===> Leave this one out.
Do I need to tick "use Hub Transport server for POP/IMAP" too, and again what do I put in?

They both say use the FQDN of your connector in the format /forest root/extension, so it's not mail.mydomain.org?

===> Leave this out, since you will not be using an external certificate; instead you will be using an internally issued certificate for mail routing between Hub Transport and Hub Transport within your domain.


Here is some more info:

http://technet.microsoft.com/en-us/library/bb851505(EXCHG.80).aspx

http://www.digicert.com/ssl-certificate-installation-microsoft-unified-communications.htm (THIS IS A GREAT RESOURCE)

Hilal


0
awilderbeast Author Commented:
Thanks :)

Last thing then.

For the domains

I put

autodiscover.externaldomain.org
mail.externaldomain.org
CH-EX
CH-EX.internaldomain.net
0
Hilal1924 Commented:
Yes, sure, should work fine :)

Very best of luck

Hilal
0
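
The wizard choices settled on in this thread, written as the equivalent Exchange Management Shell commands (an added example, not posted by any participant). The host names are the ones listed above; the file paths, friendly name and the C=/O= subject values are placeholders.

```powershell
# Added example. Run in the Exchange Management Shell on the Exchange 2010 server.
# Paths, friendly name and C=/O= values are placeholders, not values from the thread.

# 1. Names the certificate must cover (the SAN list agreed in the thread).
$names = "mail.externaldomain.org",
         "autodiscover.externaldomain.org",
         "CH-EX.internaldomain.net",
         "CH-EX"

# 2. Generate the request. Exchange 2010 returns the Base64 CSR as a string;
#    the private key is created and kept in this server's certificate store.
$request = New-ExchangeCertificate -GenerateRequest `
    -FriendlyName "Exchange 2010 UCC" `
    -SubjectName "C=XX, O=Example Org, CN=mail.externaldomain.org" `
    -DomainName $names `
    -KeySize 2048
Set-Content -Path "C:\certs\exchange-ucc.req" -Value $request

# 3. After the CA returns the signed certificate, import it on the same server.
$cert = Import-ExchangeCertificate -FileData `
    ([Byte[]]$(Get-Content -Path "C:\certs\exchange-ucc.cer" -Encoding Byte -ReadCount 0))

# 4. Check that every requested name is present in the issued certificate
#    before binding it to any service (-notcontains is case-insensitive).
$issued  = $cert.CertificateDomains | ForEach-Object { $_.ToString() }
$missing = $names | Where-Object { $issued -notcontains $_ }

if ($missing) {
    Write-Warning ("Issued certificate is missing: " + ($missing -join ", "))
} else {
    # 5. Bind to the services ticked in the thread. IIS covers OWA, ActiveSync,
    #    Web Services, Outlook Anywhere and Autodiscover. SMTP is not listed,
    #    so Hub Transport keeps its self-signed certificate as advised above.
    Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services "IIS,POP,IMAP"
}

# 6. Review what is bound where, and when each certificate expires.
Get-ExchangeCertificate |
    Format-List Thumbprint, CertificateDomains, Services, NotAfter, Status
```

Publicly trusted CAs no longer issue certificates containing unqualified or internal-only names such as CH-EX, so on a current deployment step 4 would report those names as missing unless the certificate comes from an internal CA.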
awilderbeast Author Commented:
Thanks :)
0