Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Exchange 2010 Wilcard Certifates and parens child domains

Posted on 2011-03-03
16
Medium Priority
?
1,245 Views
Last Modified: 2012-05-11
I'm in the process of planning out my exchange 2010 migration. I have a parent child domain structure were are parent domain is just a place holder domain. I was planning on getting to wildcard certificates to cover both domains. Can A Exchange 2010 CAS server handle to differnt wildcard certifcates for a parent and child domain
0
Comment
Question by:compdigit44
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 7
16 Comments
 
LVL 11

Expert Comment

by:MichaelVH
ID: 35026322
Hi there!

You can use wildcard certificates, but keep in mind that there are some restrictions to the use of that (not all mobile devices support that).

Michael
0
 
LVL 20

Author Comment

by:compdigit44
ID: 35026383
were are only using Blackberry's buty can two seperate wildcard certificates be installed on the CAS server
0
 
LVL 49

Expert Comment

by:Akhater
ID: 35026844
you don't need two certificates and in any case you can install only one certificate on your CAS for exchange use not 2
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 20

Author Comment

by:compdigit44
ID: 35026935
I have read on the Godaddy site that Wildcard certifcate have problem with Child domains
this is why I want to get to certifacte to make sure I wouldn't run into any problems going forward.

Can two differnt domain certifates be installed on a CAS server at the same time
0
 
LVL 49

Expert Comment

by:Akhater
ID: 35026984
you can install/use only one certificate on a cas server it can contain as many SAN that you want but they have to be in the same certificate
0
 
LVL 20

Author Comment

by:compdigit44
ID: 35027203
But I have ready articles on Wildcard certicates have problems with child domain my internal domain is a child domain for example:  server1.domain.domain.org

I wanted to get a Wildcard certicate because will will allow use to added additional services and servers to our exchange enviroment without havingn to worry about our certifcates
0
 
LVL 49

Expert Comment

by:Akhater
ID: 35027270
a certificate *.domain.com will not work for domain.domain.com

still on exchange  you can have only one certificate, unless you can have *.domain.com and *.domain.domain.com in the same certificate it won't work

0
 
LVL 20

Author Comment

by:compdigit44
ID: 35027326
Ok what if I were to by two wildcard certiifcates one for my internal child domain and install it on my CAS server and get another one for my parent domain and install it on my TMG server to cover my external connection???
0
 
LVL 49

Expert Comment

by:Akhater
ID: 35027577
yes this works but i honestly didn't understand why you need 2
0
 
LVL 20

Author Comment

by:compdigit44
ID: 35150962
So for the long delay..

I guess I'm confused ..

My internal domain is a child domain but users connect to the parent domain name. I just don't want my external users to get certificate errorc when connecting to the external sitre for intenerl aresource if I get a wildvard card certificte for my parent domain only. Again I have read that wildcard certifcate have problems wih child domains
0
 
LVL 49

Expert Comment

by:Akhater
ID: 35154655
excuse me I am the one confused maybe because it has been 15 days since the last update of this question so I lost a bit track


you have Domain.com which is an AD domain holding your exchange and your TMG servers
You have child.domain.com which is your AD domain holding your user accounts and your external domain as well as your email addresses user@child.domain.com

if the above is right there is no need for domain.com at all in your certificate you just need child.domain.com
0
 
LVL 20

Author Comment

by:compdigit44
ID: 35157174
Akhater.. you are correcnt my parent domain is just a place holder and my child domain contains all of my users accounts & servers...

I was concerned that I would run into problem with a child domain and wild card certificates.  So how can placing and internal certificate for the child domain automatically cover my external parent domain name when uses connec to Exchange 2010 OWA?
0
 
LVL 49

Expert Comment

by:Akhater
ID: 35157915
your email address are @child.domain.com or @domain.com ?

your owa is https://owa.domain.com or https://owa.child.domain.com ?
0
 
LVL 20

Author Comment

by:compdigit44
ID: 35158416
our email address are @domain.com

our owa sidte is https://mail.domain.com/exchange
0
 
LVL 20

Author Comment

by:compdigit44
ID: 35158935
OK I foud something interesting... a wildcard certificate does not support NETBIOS names..

so I guess if a get a SAN certifcation will all of my internal and external domain names I should be all set... I hope
0
 
LVL 49

Accepted Solution

by:
Akhater earned 2000 total points
ID: 35159591
then you do not need only your External name you do not need your child.domain.com in it nor your netbios names

who gave you the idea you need netbios names?
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question