Creating an SSL certificate for Exchange 2010

I am going to purchase an SSL certificate for a new Exchange 2010 server that I'm setting up, but it's been a while since I did this last.  I would like to use OWA and Outlook anywhere, so I need some advice as to what domain names and SAN's to put in the certificate.

Let's say that my mailserver is called: mail-pc

The FQDN is mail-pc.mydomain.internal

Our MX record resolves to

What names do I include (such as autodiscover) to ensure I get the cert right first time?
Who is Participating?
Lets say your external domain is called and there is A records and pointing to your CAS server
You will only need a SAN including and
This is optimal but you will need for your internal users to implement a Split DNS wich is great because users will have the same experience inside and outside the domain.
-they wont have to enter internally https://mail-pc.mydomain.internal/owa but /owa everywhere
Split DNS = To create an internal DNS zone with the same name as your external ( ) and pointing A record "mail" to your local IP address of exchange
You will also have to change the internal URLs of Exchange virtual directories following this KB:
You other option is to include internal names in the SAN but this is not recomended at all
using the default self signed certificates of Exchange but only for SMTP and assign you purchassed certificate for IIS

icuadminAuthor Commented:
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.