Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Exchange 2010 CAS / OWA certificate

Posted on 2010-09-20
4
Medium Priority
?
895 Views
Last Modified: 2012-05-10
Hi Experts,

I'm setting up Exchange 2010 and wanted to make sure I am requesting my SSL certificate correctly for OWA, CAS Servers and DAG servers.  I wasn't certain if I needed to request it with the names for all 3 or just the OWA common name.

I won't be using Outlook Anywhere or Autodiscover over the Internet.  All e-mail traffic will be via OWA or Outlook with VPN / Local Access.

Should I just put in:

owa.mydomain.com (Outlook Web App URL)
cas-array.mydomain.com (Client Access Array URL)
dag.mydomain.com (Database Availability Group URL)

Do I need to put in the names of the individual CAS and DAG member servers as well?

Any help would be most appreciated since I don't want to put more information in the certificate request than is needed but also want to make sure i have everything covered.

Thanks very much!
0
Comment
Question by:cja777
  • 2
  • 2
4 Comments
 
LVL 32

Expert Comment

by:endital1097
ID: 33721414
do you have an internal dns zone for your external facing domain name?
if you do, then you don't need to add each server within the cert

you also don't need cas-array or dag
0
 

Author Comment

by:cja777
ID: 33721457
I have a forward lookup zone for site.mydomain.com (internal) and mydomain.com (external)

I have A records created for owa.site.mydomain.com and owa.mydomain.com

both accessible from inside my domain with the self signed certificate.  I get the expected error since it's not signed by a trusted CA.

So you're saying once it has the OWA URL exchange should be smart enough to figure out the rest?  It just needs the OWA Common Name?
0
 
LVL 32

Accepted Solution

by:
endital1097 earned 1000 total points
ID: 33721472
your certificate needs to contain all fqdn values that will be used by exchange
since your internal and external domain names are different you need a minimum of two names in your certificate

owa.site.mydomain.com
owa.mydomain.com

you will configure the internal url values for all virtual directories with owa.site.mydomain.com and the external url values with owa.mdomain.com
0
 

Author Closing Comment

by:cja777
ID: 33721483
Excellent, thanks very much for the clarification.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below errors for MS Exchange Server 2016 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
Exchange database can often fail to mount thereby halting the work of all users connected to it. Finding out why database isn’t mounting is crucial and getting the server back online. Stellar Phoenix Mailbox Exchange Recovery is a champion product t…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
Suggested Courses

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question