Solved

Different Certificates for ActiveSync and OWA (Exchange 2010)

Posted on 2010-09-10
6
1,493 Views
Last Modified: 2012-05-10
Hi there,

I was wondering if it was possible to use two different certificates and URL's for Activesync and OWA in Exchange 2010.
I want to use the following URL's:
- webmail.domain.com
- sync.domain.com

I have created two certificates with a public CA but found out that you can only apply 1 certificate to a service.

The reason why i want to do this is simple, we want users to authenticate with username, token and password for OWA and not for the activesync connection.

Any thoughts on this problem?
0
Comment
Question by:Netwerkbeheer_AZL
6 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 33645193
They both use IIS (active sync and OWA) so NO you cant have two differnet certificates - unless you install a second client access server.
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33645203
yes, you will need to create a new web site on the server then add the virtual directory
new-activesyncvirtualdirectory
0
 
LVL 33

Expert Comment

by:Busbar
ID: 33645281
you can create a new website and then create a new activesync directory under it
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 5

Accepted Solution

by:
ThrainSonOfTimor earned 500 total points
ID: 33645741
There are multiple possibilities:
- Use a SAN certificate
- Create a new binding and use another port (444) instead of 443. Use the second certificate. This can get complicated though because of port forwarding settings on the firewall so I don't recommend this option
- Use two IP adresses and create two bindings for SSL on the two IP adresses with a different certificate. Configure dns to use the right IP address.
- create a new website and new virtual directory as stated above.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 33649129
The easiest way to do it is to replace your 2 certificates with one SAN (or UCC) certificate,

a SAN = Subject Alternate Name is a certificate that is used to identify more than one URL and it is very well supported in exchange 2007/2010

Just get a SAN certificate with all your needed URLs and enable it in Exchange
0
 

Author Closing Comment

by:Netwerkbeheer_AZL
ID: 33670207
Thnx, the SAN certificate worked ;)
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now