UC/SAN certificates in a multi-site environment
Posted on 2011-09-12
I administer an Exchange environment with 5 sites in different towns, connected via WAN links. The main office is our mail gateway (for incoming traffic, anyway) and there is a Hub/MBX/CAS server at each site in the same internal AD domain (domain.internal). While intra-office traffic is handled through the WAN/VPN, each office's server can send external mail directly and has its own OWA configuration, e.g. city1.pubdomain.com/OWA, etc. There are also multiple public domains, pubdomain.com, thisdomain.org, etc. I had previously installed wildcard certificates on each server, which worked fine in the Exchange 2003 days (all sites are 2007-2010 now), but I would like to unify/simplify this process.
1- Exactly how many SAN names do I need to include? I understand that the internal FQDN is needed, but is each individual internal server name necessary? If I'm understanding that right, my list would look something like this:
server1, server2, ..... server5
server1.domain.internal, ... server5.domain.internal
city1.pubdomain.com, ..., city5.pubdomain.com
city1.thisdomain.org, ..., city5.thisdomain.org
That's a lot of names! Can this list reasonably be shortened?
2- Some SAN certificate vendors are now advertising certificates that can be installed on multiple servers. Would that be helpful/cost-effective in this situation, or is that more for multiple servers in the same site?
Thanks in advance for clearing this up.
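One practical way to answer the "how many names, and can wildcards shorten the list" part of the question is to check a candidate SAN list against every name the servers will actually be addressed by before buying the certificate. The following script is an added example and is not part of the original post or any vendor's tooling; the site count, internal domain and public domains are constructed from the names in the question, and `parse_openssl_san` assumes the `DNS:` entry format that `openssl x509 -noout -text` prints for the Subject Alternative Name extension. Wildcard matching follows the RFC 6125 rule that `*` may only be the entire leftmost label, matches exactly one label, and never matches the bare domain, which is why the shortened wildcard list below still leaves the single-label server names uncovered.

```python
"""Check which required hostnames a UC/SAN certificate would cover.

Added example, not code from the original post.  All names below are
constructed from the question (server1..server5, domain.internal,
pubdomain.com, thisdomain.org); they are not real hosts or certificates.
"""

# Constructed environment from the question: five sites, one AD domain,
# two public domains.
SITES = range(1, 6)
INTERNAL_DOMAIN = "domain.internal"
PUBLIC_DOMAINS = ["pubdomain.com", "thisdomain.org"]


def required_names(sites=SITES, internal_domain=INTERNAL_DOMAIN,
                   public_domains=PUBLIC_DOMAINS):
    """Every name a client might use to reach a site's server, as listed
    in the question: short name, internal FQDN, and one OWA name per
    public domain."""
    names = [f"server{i}" for i in sites]
    names += [f"server{i}.{internal_domain}" for i in sites]
    for domain in public_domains:
        names += [f"city{i}.{domain}" for i in sites]
    return names


def name_matches(pattern, hostname):
    """RFC 6125 style dNSName matching (case-insensitive).

    A wildcard is accepted only as the whole leftmost label of a pattern
    with at least two further labels, and it matches exactly one label:
    '*.pubdomain.com' covers 'city1.pubdomain.com' but not
    'pubdomain.com' nor 'owa.city1.pubdomain.com'."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # Reject partial wildcards ('ser*.x'), nested ones ('*.*.x') and
    # top-level ones ('*.com').
    if (p_labels[0] != "*"
            or any("*" in label for label in p_labels[1:])
            or len(p_labels) < 3):
        return False
    if len(h_labels) != len(p_labels):
        return False
    return h_labels[1:] == p_labels[1:]


def uncovered_names(san_entries, required):
    """Return the required hostnames that no SAN entry matches."""
    return [h for h in required
            if not any(name_matches(p, h) for p in san_entries)]


def parse_openssl_san(text):
    """Extract dNSName entries from the text that
    'openssl x509 -noout -text' prints for the SAN extension, e.g.
    'DNS:server1, DNS:*.pubdomain.com, IP Address:10.0.0.1'.
    Non-DNS entries (IP addresses, e-mail) are ignored."""
    names = []
    for line in text.splitlines():
        for part in line.split(","):
            part = part.strip()
            if part.startswith("DNS:"):
                names.append(part[len("DNS:"):].strip())
    return names


if __name__ == "__main__":
    required = required_names()
    print(f"{len(required)} names must be covered")

    # Candidate 1: enumerate everything explicitly (20 SAN entries).
    explicit = list(required)
    print("explicit list leaves uncovered:", uncovered_names(explicit, required))

    # Candidate 2: one wildcard per domain (3 SAN entries).  The single-
    # label server names are not covered by any wildcard, so they would
    # still need explicit entries if clients really use them.
    wildcards = [f"*.{INTERNAL_DOMAIN}"] + [f"*.{d}" for d in PUBLIC_DOMAINS]
    print("wildcard list leaves uncovered:", uncovered_names(wildcards, required))

    # Constructed sample of openssl output for a certificate under test.
    sample = ("X509v3 Subject Alternative Name:\n"
              "    DNS:server1, DNS:*.pubdomain.com, IP Address:10.0.0.1")
    print("parsed SAN entries:", parse_openssl_san(sample))
```

Run it as-is to see the two candidate lists compared; to check a certificate you already have, paste the SAN section of its `openssl x509 -noout -text` output into `parse_openssl_san` and pass the result to `uncovered_names` along with the names your clients use.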