  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2163

creating new exchange 2010 OWA ssl cert guidance

hi all,

ive never run through this wizard before and i dont want to do it wrong

ive purchased an UCC certificate i know i need

owa.domain.com
autodiscover.domainname.com
servername.domainname.local
SERVERNAME

so for me it will be

mail.mydomain.org
autodiscover.mydomain.org
CH-EX.mydomain.net
CH-EX

this right? where CH-EX is my exchange server. why do we need internal names on the cert?

so under exchange configuration...

Federated Sharing:
do i need it?

Outlook Web App:
well its for owa so i need to tick both?
can i use the same domain name internally and externally? ie mail.mydomain.org

ActiveSync:
i want this, so tick and name mail.mydomain.org?

Client Access server:
web services is ticked, outlook anywhere ticked
name input by default is: mail.domain.org,domain.net, do i delete domain.net?
autodiscover: do i need to change from autodiscover.domain.net (internal) to autodiscover.domain.org (external)
POP/IMAP:
dont think i need either

unified messaging:
what is it for?
do i need it?

hub transport:
whats hub transport for, i know its important but thats about it :S
TLS: should i tick it and put in connector details? (i dont know what they are)

Legacy servers:
dont know what they are

the answers to those questions would be great :)
Thanks

Asked by: awilderbeast

Hilal1924 commented:
this right? where CH-EX is my exchange server why do we need internal names on the cert?

===> You need this for identifying Server with Internal Clients as well as for other subscriptions such as Edge Transport subscription.

Federated Sharing:
do i need it?
====> If you have a sharing agreement with another company for Mail server, This is not required.

Outlook Web App:
well its for owa so i need to tick both?
can i use the same domain name internally and externally? ie mail.mydomain.org

===> Yes, you can, but it is not a good idea since you will need to add a Host entry for that in your internal DNS server. Better to use different URLs. Internal could be servername.yourdomain.com, external could be mail.yourdomain.com

ActiveSync:
i want this, so tick and name mail.mydomain.org?
===> Correct

Client Access server:
web services is ticked, outlook anywhere ticked
name input by default is: mail.domain.org,domain.net, do i delete domain.net?
autodiscover: do i need to change from autodiscover.domain.net (internal) to autodiscover.domain.org (external)
===>Yes You should.

POP/IMAP:
dont think i need either

===> Still a good idea to have this. So Keep them checked.

unified messaging:
what is it for?
===>This is used for Voice and fax services. No need to check this one if you are not planning on using this.
do i need it?

hub transport:
whats hub transport for, i know its important but thats about it :S
TLS: should i tick it and put in connector details? (i dont know what they are)
===> Used for Routing of Emails both internally and externally. You should definitely check this.

Legacy servers:
dont know what they are
====> For Exchange 2003/200 compatibility. Not needed if you don't have any pre-Exchange 2007 Servers.

Hilal

 
awilderbeast (author) commented:
thanks for the info

just a couple more

is it not easier for users to remember the same name for internal and external and i just create the internal host record in dns, only takes a sec, or is it advised against for more than that reason?

so ive checked pop/imap for use on intranet and internet
in domain name for the both, it currently has the CH-EX (servername) this need to be pop@mydomain.org and imap@mydomain.org?

what sort of fax services does unified messaging provide, faxing via email?
might be useful for future, or will it be costly?

hub transport server
do i tick use mutual TLS to help secure internet mail?
do i put my external domain in it mail.domain.org?
do i need to tick use hub transport server for pop/imap too, and again what do i put in?

they both say use the FQDN of your connector in the format /forest root/extension so its not mail.mydomain.org?

Thanks
 
GKalosky commented:
If you watch this video, it should help with the creation and install of certificates for Exchange 2010.

http://technet.microsoft.com/en-us/exchange/ee890058.aspx

Gary

 
awilderbeast (author) commented:
i have no speakers here :S

the answers to my last set of questions will be great, there's nothing else i need to know after that

cheers
 
Hilal1924 commented:
just a couple more

is it not easier for users to remember the same name for internal and external and i just create the internal host record in dns, only takes a sec, or is it advised against for more than that reason?

==> You will still need the servername to be in the CSR. Yes, you can create a Host Record for the external URL. Sounds like a good plan to me.

so ive checked pop/imap for use on intranet and internet
in domain name for the both, it currently has the CH-EX (servername) this need to be pop@mydomain.org and imap@mydomain.org?

===> No, let it be your domain name only. Such as mail.yourdomain.com

what sort of fax services does unified messaging provide, faxing via email?
might be useful for future, or will it be costly?

==> Will be really costly believe me. And I don't think you will be using it anytime soon.

hub transport server   ===> Leave this out. You will rarely encrypt traffic between a Hub server and another hub server in your domain.  That is by default taken care of by Self Signed Certificate.

do i tick use mutual TLS to help secure internet mail? ==> Leave this Out.
do i put my external domain in it mail.domain.org? ===> Leave this one out.
do i need to tick use hub transport server for pop/imap too, and again what do i put in?

they both say use the FQDN of your connector in the format /forest root/extension so its not mail.mydomain.org?

===> Leave this out, since you will not be using an external certificate; instead you will be using an internally issued certificate for mail routing between Hub-Transport and Hub-Transport within your domain.


Here is some more Info:

http://technet.microsoft.com/en-us/library/bb851505(EXCHG.80).aspx

http://www.digicert.com/ssl-certificate-installation-microsoft-unified-communications.htm (THIS IS A GREAT RESOURCE)

Hilal


 
awilderbeast (author) commented:
thanks :)

last thing then

for the domains

i put

autodiscover.externaldomain.org
mail.externaldomain.org
CH-EX
CH-EX.internaldomain.net
 
Hilal1924 commented:
Yes Sure, Should work Fine :)

Very Best of Luck

Hilal
 
awilderbeast (author) commented:
thanks :)
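
Added example, not part of the original thread: a small Python check of the point discussed above, that every name a client uses to reach the server has to appear on the certificate or the client reports a name mismatch. The SAN list is the placeholder list from the asker's last post; the client names and function names are assumptions made for illustration, and the wildcard case goes beyond what the thread covers.

```python
def _matches(san: str, host: str) -> bool:
    """True if one SAN dNSName entry covers host (case-insensitive).

    A leading '*.' wildcard stands for exactly one leftmost label.
    """
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if san == host:
        return True
    if san.startswith("*."):
        head, _, tail = host.partition(".")
        return bool(head) and tail == san[2:]
    return False


def uncovered_names(san_list, client_names):
    """Return the client-facing names that no SAN entry covers."""
    return [h for h in client_names
            if not any(_matches(s, h) for s in san_list)]


# SAN list the thread settles on (placeholder domains from the last post).
THREAD_SANS = [
    "autodiscover.externaldomain.org",
    "mail.externaldomain.org",
    "CH-EX",
    "CH-EX.internaldomain.net",
]

# Names clients use to reach the server (constructed sample).
CLIENT_NAMES = [
    "mail.externaldomain.org",          # OWA / ActiveSync / Outlook Anywhere
    "autodiscover.externaldomain.org",  # Autodiscover from outside
    "ch-ex.internaldomain.net",         # internal clients, FQDN
    "ch-ex",                            # internal clients, short name
]

if __name__ == "__main__":
    print("full UCC list      :", uncovered_names(THREAD_SANS, CLIENT_NAMES))
    # Same check with only the two external names on the certificate.
    print("external names only:", uncovered_names(THREAD_SANS[:2], CLIENT_NAMES))
    # A wildcard covers one label only, and never the short server name.
    print("wildcard only      :", uncovered_names(["*.externaldomain.org"], CLIENT_NAMES))
```

With only the two external names on the certificate, both internal names come back as uncovered, which is the mismatch internal clients would see.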