Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Exchange 2010 SSL requirement for multiple email domains

Posted on 2012-04-10
8
Medium Priority
?
674 Views
Last Modified: 2012-05-02
Hello Experts... I am currently running an Exchange 2010 on a single server.  Purchased a UCC SSL and working perpectly.  I need to add a second email domain to Exchange 2010 and would like to know if I need more than the current UCC SSL w/5 domains.

AD: domain1.local

Here is my current SSL:
common name: mail.domain1.com  
SAN: exch2010.domain1.local, autotodiscover.domain1.local, autodiscover.domain1.com

Adding second email domain to Exchange 2010 as domain2.com.
Would I need the following for this new domain to work correctly?
Common name: mail.domain2.com (or this goes under SAN)?
SAN: autodiscover.domain2.com, any others?

Godaddy told me I have 1 more domain name to add to this SSL.  Am I going to need another SSL or bump this SSL to 10 domains?

Thank you GREATLY Experts!!!

Golfbuddy22
0
Comment
Question by:golfbuddy22
8 Comments
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37831132
you can use single certificate with multiple domain names.. or also can have multiple certificates...
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 2000 total points
ID: 37831381
You don't need to add the name to the certificate.  To add a new domain to an Exchange server and have everything work, you need to make Autodiscover work and the alternative to having autodiscover.domain2.com in the SSL certificate is to use an SRV record in Domain2's DNS records instead of an Autodiscover A record.

You would add the SRV record and point it to a name already in the existing SSL certificate and in your case, you can use mail.domain1.com

http://support.microsoft.com/kb/940881

Ignore the version of Exchange in the above link - it will work for Exchange 2010 too.

You can host dozens of domains on your server this way without the need for a new / additional SSL certificates.
0
 
LVL 9

Expert Comment

by:ash007
ID: 37831491
If you have more than 1 domain add all domains to certifcate to avoid cert errors
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37831588
It isn't necessary and is very costly doing it that way.  I support a server that has 65 domains running happily from a 5 domain name SSL cert that cost $60 a year.
0
 
LVL 9

Expert Comment

by:ash007
ID: 37831813
Alan, i think SAN cetificate which means multiple domain entries in single certificate is highly recommended by Microsoft
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37831819
Yes I know - I am not disputing that.
0
 

Author Comment

by:golfbuddy22
ID: 37833132
Alan - How would SRV resolve multiple domains on SSL.  If mail.domain2/3/4.com isn't on the certificate, would it return an error?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37834997
No - if you use an SRV record to point to a name included on the SSL certificate (instead of adding autodiscover.domain2.com / autodiscover.domain3.com / autodiscover.domain4.com etc), then you won't have any issues.

The SSL certificate is only referenced when using something like Outlook for auto-configuring the email account - you can receive hundreds of domains worth of email on your Exchange server without having to worry about the SSL certificate names.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Steps to fix error: “Couldn’t mount the database that you specified. Specified database: HU-DB; Error code: An Active Manager operation fail”
Exchange administrators are always vigilant about Exchange crashes and disasters that are possible any time. It is quite essential to identify the symptoms of a possible Exchange issue and be prepared with a proper recovery plan. There are multiple…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Suggested Courses
Course of the Month11 days, 8 hours left to enroll

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question