[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 184
  • Last Modified:

how to configure a proper SSl for exchange 2010 with many domains?

Hi

I have a single server that is a DC wtih Exchange 2010 SP1 installed.  I am attempting to set it up for many domains.  I have successfully installed Exchange, installed a UCC SSL from a CA, and configured Exchange for many domains.  I have Outlook Anywhere working and have correct DNS records, including autodiscover.  testexchangeconnectivity.com succesfully completes for the 2 domains I have added so far.

On my SSL, i did the FQDN internal, FQDN external.  This works for one domain, but I get a SSL certificate warning on the other domains because I didn't add them during the CSR.  My question is, how do I get a SSL that will work properly for all domains I host?  I thought about a wildcard SSL, but that wont help, will it?   ssl cert  I need the SSL to to be good for all 3 checks for any and all domains.

I want to be able to have this certifiate cover 123.com, abc.net, xyz.org, 456.co, etc.  Different domains and different extentions.  I know this can be done because godaddy does the same thing with their hosted exchange.

Any help is appreciated.  Once I get my ssl issue resolved I have accomplised my tasks.

Thank you very much.
Jimmy
0
jimmy_the_fish
Asked:
jimmy_the_fish
  • 4
  • 3
  • 2
  • +1
2 Solutions
 
chakkoCommented:
see if your SSL vendor will reissue a new certificate. You need to add the additional SAN names (other names) for the other domains.  It will probably cost extra though.
0
 
jimmy_the_fishAuthor Commented:
i can rekey my my ssl to support update to 5 domains, but i can also purchase a new one that can support all the way up to 100 domains.  my questions is tho, will i have to get a new ssl everytime i add a new domain?  that doesnt seem right?

did i miss something during my setup or configure something wrong?
0
 
chakkoCommented:
I think yes, if you add a domain you need to update the SSL for the new domain.  If you can reissue for free then shouldn't be a problem, just extra work.  I would verify with your vendor about adding new names and any extra cost.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Shreedhar EtteCommented:
Please refer this article:
http://support.microsoft.com/kb/940881
0
 
vinsvinCommented:
Hi Jimmy,

Why dont you go for the wildcard certificate. ex: *.mydomain.com. Then you can use this wildcard certificates will all the domain come under mydomain.com.

Wildcard certificates secure all of the subdomains at the level you specify when you submit your request. Just add an asterisk (*) in the subdomain area of the common name where you want to specify the wildcard. For example:

If you configure *.coolexample.com, you can secure
www.coolexample.com
photos.coolexample.com
blog.coolexample.com, etc.
0
 
vinsvinCommented:
Go through the below article, for more information on configuring Exchange 2010 using Wildcard certificate

http://blogs.technet.com/b/exchange/archive/2009/11/20/3408856.aspx
0
 
jimmy_the_fishAuthor Commented:
a wildcard wont work because its different domains, not subdomains.  i need to secure 123.com and xyz.net.  a wildcard will give me either *.123.com or *.xyz.net
0
 
jimmy_the_fishAuthor Commented:
anyone else help?
thanks
0
 
chakkoCommented:
Have you setup DNS SRV records as per the link that shreedhar posted?  That may stop the popups from coming for autodiscover.  in the SRV record use a host FQDN that is the CN on your SSL certificate.
0
 
jimmy_the_fishAuthor Commented:
thanks, but this didnt really help.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

  • 4
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now