Solved

Certificate Type For Exchange

Posted on 2012-04-04
6
350 Views
Last Modified: 2012-04-04
Hello,

I am working on getting our first exchange server up and running. The server is SBS 2011 with exchange 2010. We will have mobile devices that will access exchange remotely as well as internally on our network.

Since our outside IP address will be different from our internal IP address do I need to worry about the type of SSL certificate I need to buy or will any trusted certificate work?

Also, is there a certain provider that will provide the best compatibility across platforms?

Thank you in advance.
0
Comment
Question by:Pawel_Kowalski
  • 3
  • 3
6 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37808449
To make Exchange 2010 happy which comes with SBS 2011, you would be best advised to buy a SAN / UCC certificate (multi-name) with a minimum of 5 names including:

remote.externaldomain.com (or whatever you configure SBS to use)
autodiscover.externaldomain.com
servername.internaldomain.local
servername
sites

GoDaddy are about the cheapest place to buy but a GoDaddy Reseller account is cheaper still.
0
 

Author Comment

by:Pawel_Kowalski
ID: 37808457
Thank you! Would I map the external IP to the .com and the internal IP to all others? Or is there a way to have 2 IPs for each domain on the certificate?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37808469
There is no mapping of IP's.  You need to make sure that your MX record points to your Public IP Address and that port 25 is open to receive emails, port 443 is open for HTTPS which is used by Mobile Devices to connect, port 987 for Sharepoint if you use it, port 80 if you host a website and port 4125 for Remote Web Workplace.

What are you thinking you have to do with IP's / domain names?
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:Pawel_Kowalski
ID: 37808511
I thought that you had to have a dedicated IP address mapped to the SSL certificate. Am I wrong on that assumption? Thanks again
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 37808523
As long as you have a Fixed IP Address for your server and the right DNS records pointing to the Fixed IP Address you will be fine.  There is no association between an SSL cert and an IP address - the cert only has Fully Qualified Domain Names in it and those names need to either resolve externally to your Public IP address or internally to your server.
0
 

Author Comment

by:Pawel_Kowalski
ID: 37808679
Great to know. Thank you!
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now