Exchange 2007

hello all
we will be configuring our exchange 2007 email server for external use (currently its only used for internal communications)
my question is we will need to provide OWA and active sync for mobile phones
we will be puchasing a verisign SSL certificate for this

if i want to use https://owa.mycompany.com 
and https://mail.mycompany.com for active sync

how would i go about doing this would i require 2 certs?
can i use  the same cert for both?
can i use the same URL for both (https://mail.mycompany.com)
what is the recommended way to set this up?
dano992Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

AustinComputerLabsCommented:
From: http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_26724408.html

With Exchange 2003 - you can use an IP address for the certificate name and use that IP Address to access Activesync - it works happily.  2010 is be a different story.

You will never prevent everyone from trying to access your server (who shouldn't), but with decent security settings and account lockouts etc configured on your server, together with minimising the risk (within reason), you should be fine.

http://alanhardisty.wordpress.com/2010/12/01/increase-in-hacker-attempts-on-windows-exchange-servers-one-way-to-slow-them-down/

Even if you just use VPN for remote Outlook Access, there is nothing to stop a client from pushing spam to your server via a virus on their computer!
AustinComputerLabsCommented:
Here is a walk through for exchange 2007:
http://www.msexchange.org/articles_tutorials/exchange-server-2007/mobility-client-access/securing-exchange-2007-client-access-server-3rd-party-san-certificate.html

With Exchange Server 2007 a new type of certificate is introduced; it’s called a subject alternative name (SAN) certificate. The interesting thing about a SAN certificate is that it allows us to include multiple FQDNs (aka common names) in one single certificate (Figure 1). This is very useful in regards to Exchange Server 2007, since multiple FQDNs are used by the Outlook 2007 client when accessing an Exchange 2007 server.
Glen KnightCommented:
To answer the actual question.

You woukd have a single certificate and have both names.  It's a SAN/UCC or MultiDimain certificate, see the autodiscover section of my article here for the correct names: http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2300-Outlook-continually-prompting-for-username-and-password.html

I would personally use the same name for OWA and for ActiveSync, it makes no difference.
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

AustinComputerLabsCommented:
@ demazter I noticed I missed the boat entirely with the first post, and attempted to remedy with the second regarding the SAN cert that allows for multiple xxx.domain.com names.

I have posted a section of what I am linking to ever since I got in trouble from thermoduric where he stated:
The guidelines state that you should post a link to the original content with a brief description.

I am just trying to follow the rules here.
dano992Author Commented:
demazter
so i should just go with say "mail.mycompany.com" certificate for both owa and active sync for the mobile access?

also is it still callled active sync in exchange 2007
Glen KnightCommented:
Yes it is ActiveSync in all versions of Exchange.

Just go with a single URL for both.  But don't forget the other names listed in my article.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.