Creating an SSL certificate for Exchange 2010

I am going to purchase an SSL certificate for a new Exchange 2010 server that I'm setting up, but it's been a while since I did this last.  I would like to use OWA and Outlook anywhere, so I need some advice as to what domain names and SAN's to put in the certificate.

Let's say that my mailserver is called: mail-pc

The FQDN is mail-pc.mydomain.internal

Our MX record resolves to mail.anotherdomain.co.uk

What names do I include (such as autodiscover) to ensure I get the cert right first time?
LVL 1
icuadminAsked:
Who is Participating?
 
sirakovCommented:
Hello,
Lets say your external domain is called mydomain.co.uk and there is A records mail.mydomain.co.uk and autodiscover.mydomain.co.uk pointing to your CAS server
You will only need a SAN including mail.mydomain.co.uk and autodiscover.mydomain.co.uk.
This is optimal but you will need for your internal users to implement a Split DNS wich is great because users will have the same experience inside and outside the domain.
-they wont have to enter internally https://mail-pc.mydomain.internal/owa but https://mail.mydomain.co.uk /owa everywhere
Split DNS = To create an internal DNS zone with the same name as your external (mydomain.co.uk ) and pointing A record "mail" to your local IP address of exchange
You will also have to change the internal URLs of Exchange virtual directories following this KB:
http://support.microsoft.com/kb/940726
You other option is to include internal names in the SAN but this is not recomended at all
or
using the default self signed certificates of Exchange but only for SMTP and assign you purchassed certificate for IIS


0
 
AhmedHERMICommented:
0
 
icuadminAuthor Commented:
Thanks.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.