certificates for windows 2008 SBS (remote web workplace and OWA )

you need a UCC certificate from somewhere like godaddy.com

it needs to hold differnt domain names such as:

autodiscover.<domain>.com
remote.<domain>.com
<domain>.com
<servername>.local

The following article gives you a quick explanation of the requirements for Exchange 2007.  That is mainly what you need it for in SBS2008, as it will automatically look after the rest if you include remote.

Correct, you don't need one, but if you want autodiscover for exchange, and mobile devices to work easily it is better to get one.

Fair enough, then the only issue is distributing the certificate each year when it expires for RWW.

To be honest the only reason I started buying certificates was a number of clients had mobile devices that were locked and would not accept certificates from trusted sources.

sorry, non trusted sources

OK I think non UCC wins because of the ease. but Why would people want to buy the UCC certificates? What are the advantages over non UCC?

The only benifit of the UCC is the multiple names.  You get errors when you browse to things with different names that don't appear on the certifiate.

So Cliff, are you saying that autodiscover and mobile devices work well for you with just a standard puchased certificate even though it does not contain the autodiscover name?  Sorry to ask questions on your post resolver1?

tonyperth: Precisely what I'm saying. One DNS SRV record resolves that issue. It allows Outlook 2007 SP1 (not RTM) and most newer activesync devices that support autodiscover to find the proper domain name (in SBS, this is usually remote.) and in that scenario, the certificate matches.  I've deployed this exact scenario many times over and I've never had a problem.

resolver1: Tony is exactly right on the desire to purchase UCC certs. There are certainly scenarios where I may want to purchase a certificate to secure several domain names that I run...on a web server for example.
They've also *become* popular with Exchange deployments because in an enterprise environment it is easier to buy a cert than maintain DNS. It has become so popular however that there has been some collective knowledge loss and most newer exchange admins (of which SBS applies) don't even realize there are alternatives.
So there you have it. UCC's definitely do have a place. Just not a necessity in this particular situation.

no problems asking on my post.  its good that you are asking as your probably asking questions i should be :-) I dont want to just know the best certificate for my senerio. i want to learn what certificates types there are and the circumstances they are used in.

There is another purpose for the certificate which is for EDI messages between us and our supplier.  I'll need to check the requirements from them tomorrow.

Right I've researched the certificates and alot of people seem to be going for the godaddy.  I've checked there website and it has the standard Single Domain option http://www.godaddy.com/ssl/ssl-certificates.aspx?ci=9039.

I'm not fully understanding at which level the certificates work.  I'll explain my situation and maybe you can help.

We have a domain name which is CompanyName.com which for MX records and HTTP traffic points to our hosting provider.  I was thinking of pointing Remote.CompanyName.com to our perimeter router/firewall?

Does the certificate belong to Remote.CompanyName.com or does it belong to a partular machine e.g. PC1.Remote.CompanyName.com?  

It belongs to Remote.companyname.com

Rightio, I understand.  There was just some doubt in my mind but you've cleared it up for me.