Exchange 2003, SSL certificates question

Posted on 2011-10-31
Medium Priority
Last Modified: 2012-05-12
Hey All,

I have a client that I just installed 2 internet lines for. They have 2 static IP addresses. We have an SSL certificate installed on the server, but I get a certificate error when I go to OWA from the secondary IP address (the line we just installed).

Do I need a new certificate that can properly cover both IP addresses? What kind of certificate would I need?
Question by:tamaneri

Accepted Solution

jbb75 earned 1000 total points
ID: 37056780

How many Exchange servers do you have and what version? I am assuming you have more than one Exchange server, and if that is the case, have you done any load balancing for OWA?

Certificate should be in the name of the URL published on the internet. So if you have 2 URLs published on the internet then you need to ensure that both the URLs are present on the certificate.

If you can provide your network topology details properly, then perhaps I can help you out.


Assisted Solution

khairil earned 1000 total points
ID: 37057938

Did you set up your Exchange for more than 2 OWA? Yup, a diagram would be better.

It is OK to have many lines to a server; however, the important thing is to have a cert on the server that reflects the NS name of the server. So that both lines, let's say and, refer to the same address, www.myemailserver.com. Usually this is done for server load balancing with DNS round robin.

So, what cert do you need? If you have different names, like www.mymailserver1.com and www.mymailserver2.com, then you need to:
1. Have 2 certs, one for each name
2. Just one wildcard cert that can handle both names. Like how I set up my mail server (https://mail1.usm.my and https://mail2.usm.my - both are different servers)

If you just have one NS name and ONE server only, one cert is enough for your server for both lines (I assume both lines are connected to your server).

If you have one NS name but 2 servers (one for each line), you may need to carefully create the CSR using an exportable private key, so that when you deploy the cert on one server you can easily export it as a PFX file and import it into the second server.

GoDaddy has cheap certs, and they work.

Author Comment

ID: 37062533
Hey guys,

Totally a noob mistake. I just realized I got the certificate error because I browsed to the site via IP. I am having the guys that manage the DNS configure a round-robin DNS so that both public IP addresses (both internet lines) resolve to my A record (mail.companyname.com).

Just since you guys were interested:

2 internet lines coming into a SonicWALL TZ-210. Only 1 Exchange server. I am setting up fail-over on the SonicWALL. Need both public IP addresses to resolve to a single A record.
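
Why browsing to OWA by IP address produces a certificate error while the hostname does not, shown as an added example (not code from anyone in this thread): a simplified model of how a TLS client compares the name in the address bar with the certificate's subject alternative names. The IP addresses, function names and the three-label minimum for wildcards are assumptions of this sketch.

```python
import ipaddress

def _is_ip(value):
    """True if the requested name is an IP literal rather than a DNS name."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def dns_name_matches(pattern, host):
    """Match one dNSName entry; '*' may only stand for the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard covers exactly one label, never zero or two
    if p_labels[0] == "*":
        # conservative choice in this sketch: refuse wildcards such as '*.com'
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def cert_covers(requested, dns_sans, ip_sans=()):
    """True if the name typed into the browser is covered by the certificate."""
    if _is_ip(requested):
        # IP literals are compared only with iPAddress entries, never dNSName ones
        want = ipaddress.ip_address(requested)
        return any(ipaddress.ip_address(ip) == want for ip in ip_sans)
    return any(dns_name_matches(p, requested) for p in dns_sans)

def demo():
    """Constructed sample data: one hostname cert, two documentation-range IPs."""
    owa_cert = ["mail.companyname.com"]       # name from the thread
    lines = ["203.0.113.10", "198.51.100.10"]  # constructed public IPs
    wildcard = ["*.usm.my"]
    return {
        "by_hostname": cert_covers("mail.companyname.com", owa_cert),
        "by_ip": [cert_covers(ip, owa_cert) for ip in lines],
        "wildcard_mail1": cert_covers("mail1.usm.my", wildcard),
        "wildcard_mail2": cert_covers("mail2.usm.my", wildcard),
        "wildcard_nested": cert_covers("a.mail1.usm.my", wildcard),
    }

if __name__ == "__main__":
    for check, covered in demo().items():
        print(check, covered)
```

With round-robin DNS both lines are reached through the same hostname, so the single-name certificate matches on either IP address without being reissued.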
