Solved

Certificate Type For Exchange

Posted on 2012-04-04
6
353 Views
Last Modified: 2012-04-04
Hello,

I am working on getting our first exchange server up and running. The server is SBS 2011 with exchange 2010. We will have mobile devices that will access exchange remotely as well as internally on our network.

Since our outside IP address will be different from our internal IP address do I need to worry about the type of SSL certificate I need to buy or will any trusted certificate work?

Also, is there a certain provider that will provide the best compatibility across platforms?

Thank you in advance.
0
Comment
Question by:Pawel_Kowalski
  • 3
  • 3
6 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37808449
To make Exchange 2010 happy which comes with SBS 2011, you would be best advised to buy a SAN / UCC certificate (multi-name) with a minimum of 5 names including:

remote.externaldomain.com (or whatever you configure SBS to use)
autodiscover.externaldomain.com
servername.internaldomain.local
servername
sites

GoDaddy are about the cheapest place to buy but a GoDaddy Reseller account is cheaper still.
0
 

Author Comment

by:Pawel_Kowalski
ID: 37808457
Thank you! Would I map the external IP to the .com and the internal IP to all others? Or is there a way to have 2 IPs for each domain on the certificate?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37808469
There is no mapping of IP's.  You need to make sure that your MX record points to your Public IP Address and that port 25 is open to receive emails, port 443 is open for HTTPS which is used by Mobile Devices to connect, port 987 for Sharepoint if you use it, port 80 if you host a website and port 4125 for Remote Web Workplace.

What are you thinking you have to do with IP's / domain names?
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:Pawel_Kowalski
ID: 37808511
I thought that you had to have a dedicated IP address mapped to the SSL certificate. Am I wrong on that assumption? Thanks again
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 37808523
As long as you have a Fixed IP Address for your server and the right DNS records pointing to the Fixed IP Address you will be fine.  There is no association between an SSL cert and an IP address - the cert only has Fully Qualified Domain Names in it and those names need to either resolve externally to your Public IP address or internally to your server.
0
 

Author Comment

by:Pawel_Kowalski
ID: 37808679
Great to know. Thank you!
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
Read this checklist to learn more about the 15 things you should never include in an email signature.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question