How to configure a proper SSL for Exchange 2010 with many domains?

Hi

I have a single server that is a DC with Exchange 2010 SP1 installed.  I am attempting to set it up for many domains.  I have successfully installed Exchange, installed a UCC SSL from a CA, and configured Exchange for many domains.  I have Outlook Anywhere working and have correct DNS records, including autodiscover.  testexchangeconnectivity.com successfully completes for the 2 domains I have added so far.

On my SSL, I did the FQDN internal, FQDN external.  This works for one domain, but I get an SSL certificate warning on the other domains because I didn't add them during the CSR.  My question is, how do I get an SSL that will work properly for all domains I host?  I thought about a wildcard SSL, but that won't help, will it?  I need the SSL to be good for all 3 checks for any and all domains.

I want to be able to have this certificate cover 123.com, abc.net, xyz.org, 456.co, etc.  Different domains and different extensions.  I know this can be done because GoDaddy does the same thing with their hosted Exchange.

Any help is appreciated.  Once I get my SSL issue resolved I have accomplished my tasks.

Thank you very much.
Jimmy
jimmy_the_fish Asked:

chakko Commented:
See if your SSL vendor will reissue a new certificate. You need to add the additional SAN names (other names) for the other domains.  It will probably cost extra though.
0
jimmy_the_fish Author Commented:
I can rekey my SSL to support up to 5 domains, but I can also purchase a new one that can support all the way up to 100 domains.  My question is though, will I have to get a new SSL every time I add a new domain?  That doesn't seem right?

Did I miss something during my setup or configure something wrong?
0
chakko Commented:
I think yes, if you add a domain you need to update the SSL for the new domain.  If you can reissue for free then it shouldn't be a problem, just extra work.  I would verify with your vendor about adding new names and any extra cost.
0
Shreedhar Ette Commented:
Please refer to this article:
http://support.microsoft.com/kb/940881
0

vinsvin Commented:
Hi Jimmy,

Why don't you go for a wildcard certificate, e.g. *.mydomain.com? Then you can use this wildcard certificate with all the domains that come under mydomain.com.

Wildcard certificates secure all of the subdomains at the level you specify when you submit your request. Just add an asterisk (*) in the subdomain area of the common name where you want to specify the wildcard. For example:

If you configure *.coolexample.com, you can secure
www.coolexample.com
photos.coolexample.com
blog.coolexample.com, etc.
0
vinsvin Commented:
Go through the article below for more information on configuring Exchange 2010 using a wildcard certificate:

http://blogs.technet.com/b/exchange/archive/2009/11/20/3408856.aspx
0
jimmy_the_fish Author Commented:
A wildcard won't work because it's different domains, not subdomains.  I need to secure 123.com and xyz.net.  A wildcard will give me either *.123.com or *.xyz.net.
0
jimmy_the_fish Author Commented:
Anyone else help?
Thanks
0
chakko Commented:
Have you set up DNS SRV records as per the link that Shreedhar posted?  That may stop the popups from coming for autodiscover.  In the SRV record use a host FQDN that is the CN on your SSL certificate.
0
jimmy_the_fish Author Commented:
Thanks, but this didn't really help.
0
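The name-matching question this thread turns on, as an added example that is not from any poster: it checks which client-facing host names a certificate's name list covers, comparing a wildcard, a UCC for one domain, and a UCC for all domains, with and without autodiscover SRV records. The domains are the thread's placeholders; `mail.123.com` and the `autodiscover.<domain>` convention are assumptions.

```python
# Added example. Domain names are the placeholders used in the thread;
# "mail.123.com" is an assumed shared client-access host name.

def san_matches(pattern, host):
    """True if one certificate name covers host. A '*' is honoured only as
    the entire left-most label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def names_clients_check(domains, shared_host, autodiscover_via_srv):
    """Host names Outlook validates against the certificate.
    Assumption: without SRV records each hosted domain is reached at
    autodiscover.<domain>; with SRV records every domain is redirected to
    shared_host, so only that one name is checked."""
    names = [shared_host]
    if not autodiscover_via_srv:
        names += ["autodiscover." + d for d in domains]
    return names


def uncovered(cert_names, hosts):
    """Hosts that would raise a certificate name-mismatch warning."""
    return [h for h in hosts if not any(san_matches(n, h) for n in cert_names)]


DOMAINS = ["123.com", "abc.net", "xyz.org"]
SHARED = "mail.123.com"
WILDCARD = ["*.123.com"]
UCC_ONE_DOMAIN = ["mail.123.com", "autodiscover.123.com"]
UCC_ALL = UCC_ONE_DOMAIN + ["autodiscover.abc.net", "autodiscover.xyz.org"]

if __name__ == "__main__":
    direct = names_clients_check(DOMAINS, SHARED, autodiscover_via_srv=False)
    srv = names_clients_check(DOMAINS, SHARED, autodiscover_via_srv=True)
    for label, cert in [("wildcard", WILDCARD), ("UCC, one domain", UCC_ONE_DOMAIN),
                        ("UCC, all domains", UCC_ALL)]:
        print(f"{label:17} direct: {uncovered(cert, direct)}  srv: {uncovered(cert, srv)}")
```

Run against the name list of the installed certificate, an empty result means no client-facing name is left without a matching entry.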
Question has a verified solution.