Solved

Exchange 2010 SSL requirement for multiple email domains

Posted on 2012-04-10
8
666 Views
Last Modified: 2012-05-02
Hello Experts... I am currently running an Exchange 2010 on a single server.  Purchased a UCC SSL and working perpectly.  I need to add a second email domain to Exchange 2010 and would like to know if I need more than the current UCC SSL w/5 domains.

AD: domain1.local

Here is my current SSL:
common name: mail.domain1.com  
SAN: exch2010.domain1.local, autotodiscover.domain1.local, autodiscover.domain1.com

Adding second email domain to Exchange 2010 as domain2.com.
Would I need the following for this new domain to work correctly?
Common name: mail.domain2.com (or this goes under SAN)?
SAN: autodiscover.domain2.com, any others?

Godaddy told me I have 1 more domain name to add to this SSL.  Am I going to need another SSL or bump this SSL to 10 domains?

Thank you GREATLY Experts!!!

Golfbuddy22
0
Comment
Question by:golfbuddy22
8 Comments
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37831132
you can use single certificate with multiple domain names.. or also can have multiple certificates...
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 37831381
You don't need to add the name to the certificate.  To add a new domain to an Exchange server and have everything work, you need to make Autodiscover work and the alternative to having autodiscover.domain2.com in the SSL certificate is to use an SRV record in Domain2's DNS records instead of an Autodiscover A record.

You would add the SRV record and point it to a name already in the existing SSL certificate and in your case, you can use mail.domain1.com

http://support.microsoft.com/kb/940881

Ignore the version of Exchange in the above link - it will work for Exchange 2010 too.

You can host dozens of domains on your server this way without the need for a new / additional SSL certificates.
0
 
LVL 9

Expert Comment

by:ash007
ID: 37831491
If you have more than 1 domain add all domains to certifcate to avoid cert errors
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37831588
It isn't necessary and is very costly doing it that way.  I support a server that has 65 domains running happily from a 5 domain name SSL cert that cost $60 a year.
0
 
LVL 9

Expert Comment

by:ash007
ID: 37831813
Alan, i think SAN cetificate which means multiple domain entries in single certificate is highly recommended by Microsoft
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37831819
Yes I know - I am not disputing that.
0
 

Author Comment

by:golfbuddy22
ID: 37833132
Alan - How would SRV resolve multiple domains on SSL.  If mail.domain2/3/4.com isn't on the certificate, would it return an error?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37834997
No - if you use an SRV record to point to a name included on the SSL certificate (instead of adding autodiscover.domain2.com / autodiscover.domain3.com / autodiscover.domain4.com etc), then you won't have any issues.

The SSL certificate is only referenced when using something like Outlook for auto-configuring the email account - you can receive hundreds of domains worth of email on your Exchange server without having to worry about the SSL certificate names.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Utilizing an array to gracefully append to a list of EmailAddresses
This article explains how to install and use the NTBackup utility that comes with Windows Server.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question