Publishing Exchange 2007 Outlook Web Access and Activesync using different URLs/FQDN

I need to publish activsync for mobile phones, and outlook web access using different authentication mechanism, thus needing different web listeners and different public IP-addresses.

btw - I'll publish using Forefront TMG 2010

But now I need to be able to publish exchange using two different URLs/FQDNs, preferably on different web sites - so i can use two ordinary certificates.

explaind: - for Active sync, web listener on public IP: - for Outlook web access, web listener on public IP:

But doing this on the same web site, I'll need a UC/SAN certificate, I already have a plain SSL certificate, and would prefer to buy just a new SSL and use with the other URL.

Is this possible, or is it easier to deploy UC/SAN certificates? and if so - any experience with ?
LVL 22
Jakob DigranesSenior ConsultantAsked:
Who is Participating?
endital1097Connect With a Mentor Commented:
it is easiest to deploy this using a UC/SAN certificate
there are many solutions in experts exchange covering this topic
Well if you woulden't mind using the same name for both urls, it did be also easier as well.
Jakob DigranesSenior ConsultantAuthor Commented:
cannot use the same name, as I have different web listeners and different public IPs ..
Looking into UC/SAN cert from -
Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

Why don't you use SSL-bridging? You terminate the SSL on the TMG, forward the requests to the Exchange which is also SSL secure but with its own certificate. External clients only access the external URL.

You would use just one certificate on the Exchange.

Create a publishing rule for Activesync and OWA, creating a listener for each with its certificate. If you are feeling adventorous you can use a SAN certificate on the TMG and publish using one listener and 1 IP. You would use the same listener for different publishing rules.
Jakob DigranesSenior ConsultantAuthor Commented:
Thanks --- proved to be the easiest way,
Jakob DigranesSenior ConsultantAuthor Commented:

Cheap - but a rather odd way of confirming the domain

at least, now it works.
Up and running with active sync for mobile phones, and webmail with swivel pinsafe and AD username two factor
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.