jimmy_the_fish
asked on
How to configure a proper SSL for Exchange 2010 with many domains?
Hi
I have a single server that is a DC with Exchange 2010 SP1 installed. I am attempting to set it up for many domains. I have successfully installed Exchange, installed a UCC SSL from a CA, and configured Exchange for many domains. I have Outlook Anywhere working and have correct DNS records, including autodiscover. testexchangeconnectivity.com successfully completes for the 2 domains I have added so far.
On my SSL, I did the FQDN internal, FQDN external. This works for one domain, but I get an SSL certificate warning on the other domains because I didn't add them during the CSR. My question is, how do I get an SSL that will work properly for all domains I host? I thought about a wildcard SSL, but that won't help, will it? I need the SSL to be good for all 3 checks for any and all domains.
I want to be able to have this certificate cover 123.com, abc.net, xyz.org, 456.co, etc. Different domains and different extensions. I know this can be done because GoDaddy does the same thing with their hosted Exchange.
Any help is appreciated. Once I get my SSL issue resolved I have accomplished my tasks.
Thank you very much.
Jimmy
See if your SSL vendor will reissue a new certificate. You need to add the additional SAN names (other names) for the other domains. It will probably cost extra though.
ASKER
I can rekey my SSL to support up to 5 domains, but I can also purchase a new one that can support all the way up to 100 domains. My question is, though, will I have to get a new SSL every time I add a new domain? That doesn't seem right?
Did I miss something during my setup or configure something wrong?
I think yes, if you add a domain you need to update the SSL for the new domain. If you can reissue for free then it shouldn't be a problem, just extra work. I would verify with your vendor about adding new names and any extra cost.
Hi Jimmy,
Why don't you go for a wildcard certificate, e.g. *.mydomain.com? Then you can use this wildcard certificate with all the domains that come under mydomain.com.
Wildcard certificates secure all of the subdomains at the level you specify when you submit your request. Just add an asterisk (*) in the subdomain area of the common name where you want to specify the wildcard. For example:
If you configure *.coolexample.com, you can secure
www.coolexample.com
photos.coolexample.com
blog.coolexample.com, etc.
Go through the article below for more information on configuring Exchange 2010 using a wildcard certificate:
http://blogs.technet.com/b/exchange/archive/2009/11/20/3408856.aspx
ASKER
A wildcard won't work because it's different domains, not subdomains. I need to secure 123.com and xyz.net. A wildcard will give me either *.123.com or *.xyz.net.
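The two points the thread turns on (a wildcard only spans one domain, and a SAN list has to be reissued when a domain is added) can be checked mechanically. The following is an added example, not part of the original thread: it compares a certificate's SAN list against the names clients would connect to. The shared host `mail.123.com`, the one-`autodiscover`-name-per-domain scheme and the new domain `example.org` are assumptions for illustration.

```python
# Added example (not from the thread). Names are placeholders/assumptions.

def san_matches(pattern: str, host: str) -> bool:
    """Match one SAN entry against a hostname, RFC 6125 style.

    A wildcard is honoured only as the whole left-most label and stands for
    exactly one label: *.123.com covers mail.123.com, but not 123.com,
    a.b.123.com, or any name under a different domain.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse a wildcard sitting directly under a single top-level label.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def required_names(domains, shared_host="mail.123.com"):
    """Names clients use: one shared host (assumed) plus autodiscover per domain."""
    return [shared_host] + [f"autodiscover.{d}" for d in domains]


def uncovered(sans, domains, shared_host="mail.123.com"):
    """Return required names that no SAN entry covers (each one is a cert warning)."""
    return [name for name in required_names(domains, shared_host)
            if not any(san_matches(s, name) for s in sans)]


if __name__ == "__main__":
    hosted = ["123.com", "abc.net", "xyz.org", "456.co"]  # domains from the question
    ucc = required_names(hosted)                          # SAN list a UCC cert would carry

    print("wildcard *.123.com misses:", uncovered(["*.123.com"], hosted))
    print("UCC with all names misses:", uncovered(ucc, hosted))
    # Adding a hosted domain later leaves its name uncovered until reissue.
    print("after adding example.org: ", uncovered(ucc, hosted + ["example.org"]))
```
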
ASKER
anyone else help?
thanks
ASKER
Thanks, but this didn't really help.