Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Certificate Type For Exchange

Posted on 2012-04-04
6
Medium Priority
?
360 Views
Last Modified: 2012-04-04
Hello,

I am working on getting our first exchange server up and running. The server is SBS 2011 with exchange 2010. We will have mobile devices that will access exchange remotely as well as internally on our network.

Since our outside IP address will be different from our internal IP address do I need to worry about the type of SSL certificate I need to buy or will any trusted certificate work?

Also, is there a certain provider that will provide the best compatibility across platforms?

Thank you in advance.
0
Comment
Question by:Pawel_Kowalski
  • 3
  • 3
6 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37808449
To make Exchange 2010 happy which comes with SBS 2011, you would be best advised to buy a SAN / UCC certificate (multi-name) with a minimum of 5 names including:

remote.externaldomain.com (or whatever you configure SBS to use)
autodiscover.externaldomain.com
servername.internaldomain.local
servername
sites

GoDaddy are about the cheapest place to buy but a GoDaddy Reseller account is cheaper still.
0
 

Author Comment

by:Pawel_Kowalski
ID: 37808457
Thank you! Would I map the external IP to the .com and the internal IP to all others? Or is there a way to have 2 IPs for each domain on the certificate?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37808469
There is no mapping of IP's.  You need to make sure that your MX record points to your Public IP Address and that port 25 is open to receive emails, port 443 is open for HTTPS which is used by Mobile Devices to connect, port 987 for Sharepoint if you use it, port 80 if you host a website and port 4125 for Remote Web Workplace.

What are you thinking you have to do with IP's / domain names?
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 

Author Comment

by:Pawel_Kowalski
ID: 37808511
I thought that you had to have a dedicated IP address mapped to the SSL certificate. Am I wrong on that assumption? Thanks again
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 2000 total points
ID: 37808523
As long as you have a Fixed IP Address for your server and the right DNS records pointing to the Fixed IP Address you will be fine.  There is no association between an SSL cert and an IP address - the cert only has Fully Qualified Domain Names in it and those names need to either resolve externally to your Public IP address or internally to your server.
0
 

Author Comment

by:Pawel_Kowalski
ID: 37808679
Great to know. Thank you!
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The main intent of this article is to make you aware of ‘Exchange fail to mount’ error, its effects, causes, and solution.
If you have come across a situation where you need to find some EDB mailbox recovery techniques, then here you will find the same. In this article, we will take you through three techniques using which you will be able to perform EDB recovery. You …
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
This video discusses moving either the default database or any database to a new volume.
Suggested Courses

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question