Solved

Exchange 2010 CAS / OWA certificate

Posted on 2010-09-20
Last Modified: 2012-05-10
Hi Experts,

I'm setting up Exchange 2010 and wanted to make sure I am requesting my SSL certificate correctly for OWA, CAS Servers and DAG servers.  I wasn't certain if I needed to request it with the names for all 3 or just the OWA common name.

I won't be using Outlook Anywhere or Autodiscover over the Internet.  All e-mail traffic will be via OWA or Outlook with VPN / Local Access.

Should I just put in:

owa.mydomain.com (Outlook Web App URL)
cas-array.mydomain.com (Client Access Array URL)
dag.mydomain.com (Database Availability Group URL)

Do I need to put in the names of the individual CAS and DAG member servers as well?

Any help would be most appreciated since I don't want to put more information in the certificate request than is needed but also want to make sure I have everything covered.

Thanks very much!
0
Question by:cja777
LVL 32

Expert Comment

by:endital1097
ID: 33721414
Do you have an internal DNS zone for your external-facing domain name?
If you do, then you don't need to add each server within the cert.

You also don't need cas-array or dag.
0
 

Author Comment

by:cja777
ID: 33721457
I have a forward lookup zone for site.mydomain.com (internal) and mydomain.com (external).

I have A records created for owa.site.mydomain.com and owa.mydomain.com.

Both accessible from inside my domain with the self-signed certificate.  I get the expected error since it's not signed by a trusted CA.

So you're saying once it has the OWA URL, Exchange should be smart enough to figure out the rest?  It just needs the OWA Common Name?
0
 
LVL 32

Accepted Solution

by:
endital1097 earned 1000 total points
ID: 33721472
Your certificate needs to contain all FQDN values that will be used by Exchange.
Since your internal and external domain names are different, you need a minimum of two names in your certificate:

owa.site.mydomain.com
owa.mydomain.com

You will configure the internal URL values for all virtual directories with owa.site.mydomain.com and the external URL values with owa.mydomain.com.
0
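
One way to apply the accepted answer from the Exchange 2010 Management Shell, as an added example that is not part of the thread: generate the request with both names, then check that every host used in a virtual directory URL is on the certificate enabled for IIS. The function names, the request file path, the 2048-bit key size and the choice of the first name as the subject CN are assumptions made for this example; the host names are the ones from the thread.

```powershell
# Added example for the Exchange 2010 Management Shell; not from the thread.
# Function names and the request path are hypothetical.

function New-OwaCertRequest {
    param([string[]]$Names, [string]$Path)
    # Assumption: the first name becomes the subject CN; all names go in as SANs.
    $req = New-ExchangeCertificate -GenerateRequest `
        -SubjectName ("cn=" + $Names[0]) -DomainName $Names `
        -KeySize 2048 -PrivateKeyExportable $true
    Set-Content -Path $Path -Value $req
}

function Test-VdirCertCoverage {
    param([string]$Server = $env:COMPUTERNAME)
    # Names on the certificate currently enabled for IIS on this server.
    $cert = Get-ExchangeCertificate -Server $Server |
        Where-Object { $_.Services -match 'IIS' } | Select-Object -First 1
    $certNames = @($cert.CertificateDomains |
        ForEach-Object { $_.ToString().ToLower() })

    $vdirs = @(Get-OwaVirtualDirectory -Server $Server) +
             @(Get-EcpVirtualDirectory -Server $Server) +
             @(Get-WebServicesVirtualDirectory -Server $Server) +
             @(Get-ActiveSyncVirtualDirectory -Server $Server) +
             @(Get-OabVirtualDirectory -Server $Server)

    foreach ($v in $vdirs) {
        foreach ($prop in 'InternalUrl', 'ExternalUrl') {
            $url = $v.$prop
            if ($url -eq $null) { continue }   # URL not configured
            # Exact-match comparison only; wildcard names are not expanded.
            New-Object PSObject -Property @{
                VirtualDirectory = $v.Name
                Url              = $prop
                Host             = $url.Host
                OnCertificate    = ($certNames -contains $url.Host.ToLower())
            }
        }
    }
}

# Before sending the request to the CA:
# New-OwaCertRequest -Names 'owa.mydomain.com','owa.site.mydomain.com' -Path 'C:\temp\owa.req'
# After importing the issued certificate and setting the URLs:
# Test-VdirCertCoverage | Where-Object { -not $_.OnCertificate }
```

Any row returned by the last command is a URL whose host name clients will reach with a certificate that does not list it, which shows up as a name-mismatch warning.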
 

Author Closing Comment

by:cja777
ID: 33721483
Excellent, thanks very much for the clarification.
0
