Solved

Exchange 2010 SSL requirement for multiple email domains

Posted on 2012-04-10
Last Modified: 2012-05-02
Hello Experts... I am currently running an Exchange 2010 on a single server.  Purchased a UCC SSL and working perfectly.  I need to add a second email domain to Exchange 2010 and would like to know if I need more than the current UCC SSL w/5 domains.

AD: domain1.local

Here is my current SSL:
common name: mail.domain1.com  
SAN: exch2010.domain1.local, autotodiscover.domain1.local, autodiscover.domain1.com

Adding second email domain to Exchange 2010 as domain2.com.
Would I need the following for this new domain to work correctly?
Common name: mail.domain2.com (or this goes under SAN)?
SAN: autodiscover.domain2.com, any others?

Godaddy told me I have 1 more domain name to add to this SSL.  Am I going to need another SSL or bump this SSL to 10 domains?

Thank you GREATLY Experts!!!

Golfbuddy22
Question by:golfbuddy22
8 Comments
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37831132
You can use a single certificate with multiple domain names, or you can also have multiple certificates.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 37831381
You don't need to add the name to the certificate.  To add a new domain to an Exchange server and have everything work, you need to make Autodiscover work and the alternative to having autodiscover.domain2.com in the SSL certificate is to use an SRV record in Domain2's DNS records instead of an Autodiscover A record.

You would add the SRV record and point it to a name already in the existing SSL certificate and in your case, you can use mail.domain1.com

http://support.microsoft.com/kb/940881

Ignore the version of Exchange in the above link - it will work for Exchange 2010 too.

You can host dozens of domains on your server this way without the need for a new / additional SSL certificates.
0
 
LVL 9

Expert Comment

by:ash007
ID: 37831491
If you have more than 1 domain, add all domains to the certificate to avoid cert errors.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37831588
It isn't necessary and is very costly doing it that way.  I support a server that has 65 domains running happily from a 5 domain name SSL cert that cost $60 a year.
0
 
LVL 9

Expert Comment

by:ash007
ID: 37831813
Alan, I think a SAN certificate, which means multiple domain entries in a single certificate, is highly recommended by Microsoft.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37831819
Yes I know - I am not disputing that.
0
 

Author Comment

by:golfbuddy22
ID: 37833132
Alan - How would SRV resolve multiple domains on SSL?  If mail.domain2/3/4.com isn't on the certificate, would it return an error?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37834997
No - if you use an SRV record to point to a name included on the SSL certificate (instead of adding autodiscover.domain2.com / autodiscover.domain3.com / autodiscover.domain4.com etc), then you won't have any issues.

The SSL certificate is only referenced when using something like Outlook for auto-configuring the email account - you can receive hundreds of domains worth of email on your Exchange server without having to worry about the SSL certificate names.
0
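
The lookup that the accepted answer and the last reply describe, as an added example that is not part of the original thread: it checks, offline, which Autodiscover host names for a hosted e-mail domain are covered by the certificate listed in the question. The SRV values (priority 0, weight 0, port 443) and all function names are assumptions for illustration.

```python
# Constructed inputs: the certificate names are the ones listed in the question;
# the SRV record is the one the accepted answer proposes for domain2.com.
CERT_NAMES = [
    "mail.domain1.com",
    "exch2010.domain1.local",
    "autotodiscover.domain1.local",
    "autodiscover.domain1.com",
]
SRV_RECORDS = {  # owner name -> (priority, weight, port, target); values assumed
    "_autodiscover._tcp.domain2.com": (0, 0, 443, "mail.domain1.com"),
}


def name_matches(host, pattern):
    """TLS-style host name check: exact match, or a wildcard that covers
    exactly one left-most label."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern


def cert_covers(host, cert_names=CERT_NAMES):
    return any(name_matches(host, n) for n in cert_names)


def autodiscover_candidates(email_domain, srv_records=SRV_RECORDS):
    """HTTPS hosts a client tries for an external mailbox, in order:
    the root domain, autodiscover.<domain>, then the SRV target if published."""
    hosts = [("root", email_domain),
             ("autodiscover-A", "autodiscover." + email_domain)]
    srv = srv_records.get("_autodiscover._tcp." + email_domain)
    if srv:
        hosts.append(("srv", srv[3]))
    return hosts


def audit(email_domain, cert_names=CERT_NAMES, srv_records=SRV_RECORDS):
    """Return {method: (host, covered_by_cert)} for one e-mail domain."""
    return {method: (host, cert_covers(host, cert_names))
            for method, host in autodiscover_candidates(email_domain, srv_records)}


if __name__ == "__main__":
    for domain in ("domain1.com", "domain2.com", "domain3.com"):
        for method, (host, ok) in audit(domain).items():
            print(f"{domain:12} {method:15} {host:28} "
                  f"{'OK' if ok else 'NAME MISMATCH'}")
```

A mismatch row only produces a certificate warning if that host actually resolves and answers on port 443, which is why the SRV record is published instead of an autodiscover A record for the added domain.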

Question has a verified solution.
