how to get authorized certificate for two domains for SBS 2008?

mob_dream used Ask the Experts™

I have purchased an authorized certificate for my server but they issued for this domain only:

My question is how about because my users don't know how to install the self signed certificate.
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Solution Consultant
in the certificate request you can add the SAN.
usually when you buy a  public certificate (eg by DigiCert), you can enter up to 5 SAN.
The SAN (Subject Alternative Name) are used to add other names to which the certificate is authentic (in your case for autodiscovery).
Use the Exchange wizard to create a certificate, this will include all the names useful for creating the right cert req.

Lee OsborneSenior Infrastructure Engineer

We use a wildcard certificate, i.e. * . This way, we can use whatever subdomain we need to.

Syed Mutahir Alibinarybonsai
You would request additional names / domains when you are purchasing  your certificate.

depending on the provider you can open up a  request that you want additional "NAMES" on the certificate


#NETBIOS name of  Exchange Or SBS : EX-2k7 (example)
#Internal FQDN:SBS .abc.local (example)
#External FQDN (Public  name):
#Autodiscover name: (example) #SubjectName: (example)
Mino DCSolution Consultant


Not all Certificate Authorities support these types of certificates.

and this for the new certificate:
Distinguished Expert 2018
As others have said, the way to get multiple names on a certificate is to request them at the time of purchase. MOST certificate providers charge extra for this (called a UCC certificate) so if you've already purchased, you may not be able to request an upgrade.
With that said, I believe UCC certificates are overkill in SBS. Your cert will work fine with a couple of tweaks:
1) Delete any wildcard A records from your PUBLIC DNS host. Wildcard lookups will cause outlook to think that exists on another server (usually a hosted web server, for example) when it doesn't, and that in turn will cause problems even if you *do* have a UCC cert. Wildcard records are bad.
2) Create a SRV record on your external/public DNS host to redirect autodiscovery to look for More about his is covered here:
3) Finally, make sure you've run the IAMW (also covered in the blog post I linked to) as it creates the appropriate internal "split-brain" zone to make sure that lookups from within the local network get the private IP instead of the public one.
That's all there is to it. One inexpensive non-UCC cert works fine with SBS.
You can also purchase a standard SSL Cert from Godaddy and make some DNS adjusmtnets and make it work that way. It is much cheaper.
Sorry for the double post, when I had my window open posting there was only one other post :)


Thank you everyone.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial