Solved

Certificate Type For Exchange

Posted on 2012-04-04
6
351 Views
Last Modified: 2012-04-04
Hello,

I am working on getting our first exchange server up and running. The server is SBS 2011 with exchange 2010. We will have mobile devices that will access exchange remotely as well as internally on our network.

Since our outside IP address will be different from our internal IP address do I need to worry about the type of SSL certificate I need to buy or will any trusted certificate work?

Also, is there a certain provider that will provide the best compatibility across platforms?

Thank you in advance.
0
Comment
Question by:Pawel_Kowalski
  • 3
  • 3
6 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37808449
To make Exchange 2010 happy which comes with SBS 2011, you would be best advised to buy a SAN / UCC certificate (multi-name) with a minimum of 5 names including:

remote.externaldomain.com (or whatever you configure SBS to use)
autodiscover.externaldomain.com
servername.internaldomain.local
servername
sites

GoDaddy are about the cheapest place to buy but a GoDaddy Reseller account is cheaper still.
0
 

Author Comment

by:Pawel_Kowalski
ID: 37808457
Thank you! Would I map the external IP to the .com and the internal IP to all others? Or is there a way to have 2 IPs for each domain on the certificate?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37808469
There is no mapping of IP's.  You need to make sure that your MX record points to your Public IP Address and that port 25 is open to receive emails, port 443 is open for HTTPS which is used by Mobile Devices to connect, port 987 for Sharepoint if you use it, port 80 if you host a website and port 4125 for Remote Web Workplace.

What are you thinking you have to do with IP's / domain names?
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:Pawel_Kowalski
ID: 37808511
I thought that you had to have a dedicated IP address mapped to the SSL certificate. Am I wrong on that assumption? Thanks again
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 37808523
As long as you have a Fixed IP Address for your server and the right DNS records pointing to the Fixed IP Address you will be fine.  There is no association between an SSL cert and an IP address - the cert only has Fully Qualified Domain Names in it and those names need to either resolve externally to your Public IP address or internally to your server.
0
 

Author Comment

by:Pawel_Kowalski
ID: 37808679
Great to know. Thank you!
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
Find out what you should include to make the best professional email signature for your organization.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now