Different Certificates for ActiveSync and OWA (Exchange 2010)

Hi there,

I was wondering if it was possible to use two different certificates and URL's for Activesync and OWA in Exchange 2010.
I want to use the following URL's:
- webmail.domain.com
- sync.domain.com

I have created two certificates with a public CA but found out that you can only apply 1 certificate to a service.

The reason why i want to do this is simple, we want users to authenticate with username, token and password for OWA and not for the activesync connection.

Any thoughts on this problem?
Who is Participating?
ThrainSonOfTimorConnect With a Mentor Commented:
There are multiple possibilities:
- Use a SAN certificate
- Create a new binding and use another port (444) instead of 443. Use the second certificate. This can get complicated though because of port forwarding settings on the firewall so I don't recommend this option
- Use two IP adresses and create two bindings for SSL on the two IP adresses with a different certificate. Configure dns to use the right IP address.
- create a new website and new virtual directory as stated above.
Pete LongTechnical ConsultantCommented:
They both use IIS (active sync and OWA) so NO you cant have two differnet certificates - unless you install a second client access server.
yes, you will need to create a new web site on the server then add the virtual directory
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

BusbarSolutions ArchitectCommented:
you can create a new website and then create a new activesync directory under it
The easiest way to do it is to replace your 2 certificates with one SAN (or UCC) certificate,

a SAN = Subject Alternate Name is a certificate that is used to identify more than one URL and it is very well supported in exchange 2007/2010

Just get a SAN certificate with all your needed URLs and enable it in Exchange
Netwerkbeheer_AZLAuthor Commented:
Thnx, the SAN certificate worked ;)
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.