How to get an authorized certificate for two domains for SBS 2008?

mob_dream
Hello,

I have purchased an authorized certificate for my server but they issued it for this domain only:

remote.mydomain.com

My question is how about autodiscover.mydomain.com, because my users don't know how to install the self-signed certificate.
Solution Consultant
Commented:
In the certificate request you can add the SAN.
Usually when you buy a public certificate (e.g. from DigiCert), you can enter up to 5 SANs.
The SANs (Subject Alternative Names) are used to add other names for which the certificate is authentic (in your case for autodiscovery).
Use the Exchange wizard to create a certificate; this will include all the names useful for creating the right cert req.

Lee Osborne, Senior Infrastructure Engineer

Commented:
We use a wildcard certificate, i.e. *.domainname.com. This way, we can use whatever subdomain we need to.

Lee
Syed Mutahir Alibinarybonsai
Commented:
You would request additional names / domains when you are purchasing your certificate.

Depending on the provider, you can open up a request that you want additional "NAMES" on the certificate.


http://msmvps.com/blogs/bradley/archive/2008/11/24/what-s-the-best-cert-for-sbs-2008.aspx
https://www.digicert.com/easy-csr/exchange2007.htm

https://CAS01/owa
https://CAS01.FQDN.name/owa
https://CASIntranetName/owa
remote.domain.com
https://autodiscover.emaildomain.com

http://technet.microsoft.com/en-us/library/aa995942.aspx

#NETBIOS name of Exchange or SBS: EX-2k7 (example)
#Internal FQDN: SBS.abc.local (example)
#External FQDN (public name): remote.domain.com
#Autodiscover name: autodiscover.domain.com (example)
#SubjectName: cn=webmail.abc.com (example)
Mino DC, Solution Consultant

Commented:
p.s.:

Not all Certificate Authorities support these types of certificates.
See: http://support.microsoft.com/kb/929395/en-us


and this for the new certificate:

http://technet.microsoft.com/en-us/library/bb851505(EXCHG.80).aspx
Distinguished Expert 2018
Commented:
As others have said, the way to get multiple names on a certificate is to request them at the time of purchase. MOST certificate providers charge extra for this (called a UCC certificate) so if you've already purchased, you may not be able to request an upgrade.
With that said, I believe UCC certificates are overkill in SBS. Your remote.domainname.com cert will work fine with a couple of tweaks:
1) Delete any wildcard A records from your PUBLIC DNS host. Wildcard lookups will cause Outlook to think that autodiscover.domainname.com exists on another server (usually a hosted web server, for example) when it doesn't, and that in turn will cause problems even if you *do* have a UCC cert. Wildcard records are bad.
2) Create a SRV record on your external/public DNS host to redirect autodiscovery to look for remote.domainname.com. More about this is covered here:
http://blogs.technet.com/b/sbs/archive/2008/12/03/how-outlook-2007-and-windows-mobile-6-1-use-autodiscover-with-sbs-2008.aspx
3) Finally, make sure you've run the IAMW (also covered in the blog post I linked to) as it creates the appropriate internal "split-brain" zone to make sure that remote.domainname.com lookups from within the local network get the private IP instead of the public one.
That's all there is to it. One inexpensive non-UCC cert works fine with SBS.
You can also purchase a standard SSL cert from GoDaddy, make some DNS adjustments, and make it work that way. It is much cheaper.

http://msmvps.com/blogs/bradley/archive/2009/06/14/mythbusting-the-need-for-ucc-certs.aspx
Sorry for the double post, when I had my window open posting there was only one other post :)
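
The answers above describe three certificate options: a single-name certificate, a SAN/UCC certificate, and a wildcard. As an added example (not code from any poster in this thread), the Python below checks which client-facing hostnames a certificate's SAN list covers, using single-label wildcard matching in the style of RFC 6125. The hostnames are the thread's placeholders and the SAN lists are constructed samples.

```python
# Added example: which client-facing hostnames does a certificate's SAN list cover?
# Hostnames are the thread's placeholders; the SAN lists are constructed samples.

def name_matches(pattern: str, host: str) -> bool:
    """Match one dNSName entry against a hostname (RFC 6125 style).

    A wildcard is honoured only as the entire left-most label and
    stands for exactly one label, so *.mydomain.com does not cover
    mydomain.com or a.b.mydomain.com.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # Refuse over-broad wildcards such as *.com
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def uncovered(san_entries, required_hosts):
    """Return the required hostnames that no SAN entry matches."""
    return [h for h in required_hosts
            if not any(name_matches(s, h) for s in san_entries)]


# Names that remote users and Outlook connect to in the question.
REQUIRED = ["remote.mydomain.com", "autodiscover.mydomain.com"]

# Constructed SAN lists for the three approaches discussed in the answers.
CERTS = {
    "single-name": ["remote.mydomain.com"],
    "SAN/UCC": ["remote.mydomain.com", "autodiscover.mydomain.com"],
    "wildcard": ["*.mydomain.com"],
}


def report():
    """Map each certificate option to the required names it leaves uncovered."""
    return {label: uncovered(sans, REQUIRED) for label, sans in CERTS.items()}


if __name__ == "__main__":
    for label, missing in report().items():
        print(f"{label:12} missing: {missing or 'none'}")
```

The single-name certificate leaves autodiscover.mydomain.com uncovered, which is why the single-certificate answer relies on the SRV record to send Outlook to remote.mydomain.com instead.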

Author

Commented:
Thank you everyone.
