Solved

Exchange 2010 SSL requirement for multiple email domains

Posted on 2012-04-10
8
668 Views
Last Modified: 2012-05-02
Hello Experts... I am currently running an Exchange 2010 on a single server. Purchased a UCC SSL and working perfectly. I need to add a second email domain to Exchange 2010 and would like to know if I need more than the current UCC SSL w/5 domains.

AD: domain1.local

Here is my current SSL:
common name: mail.domain1.com  
SAN: exch2010.domain1.local, autotodiscover.domain1.local, autodiscover.domain1.com

Adding second email domain to Exchange 2010 as domain2.com.
Would I need the following for this new domain to work correctly?
Common name: mail.domain2.com (or this goes under SAN)?
SAN: autodiscover.domain2.com, any others?

GoDaddy told me I have 1 more domain name to add to this SSL. Am I going to need another SSL or bump this SSL to 10 domains?

Thank you GREATLY Experts!!!

Golfbuddy22
0
Comment
Question by:golfbuddy22
8 Comments
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37831132
You can use a single certificate with multiple domain names, or you can also have multiple certificates.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 37831381
You don't need to add the name to the certificate.  To add a new domain to an Exchange server and have everything work, you need to make Autodiscover work and the alternative to having autodiscover.domain2.com in the SSL certificate is to use an SRV record in Domain2's DNS records instead of an Autodiscover A record.

You would add the SRV record and point it to a name already in the existing SSL certificate, and in your case, you can use mail.domain1.com.

http://support.microsoft.com/kb/940881

Ignore the version of Exchange in the above link - it will work for Exchange 2010 too.

You can host dozens of domains on your server this way without the need for new / additional SSL certificates.
0
 
LVL 9

Expert Comment

by:ash007
ID: 37831491
If you have more than 1 domain, add all domains to the certificate to avoid cert errors.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37831588
It isn't necessary and is very costly doing it that way.  I support a server that has 65 domains running happily from a 5 domain name SSL cert that cost $60 a year.
0
 
LVL 9

Expert Comment

by:ash007
ID: 37831813
Alan, I think a SAN certificate, which means multiple domain entries in a single certificate, is highly recommended by Microsoft.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37831819
Yes I know - I am not disputing that.
0
 

Author Comment

by:golfbuddy22
ID: 37833132
Alan - How would SRV resolve multiple domains on SSL? If mail.domain2/3/4.com isn't on the certificate, would it return an error?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37834997
No - if you use an SRV record to point to a name included on the SSL certificate (instead of adding autodiscover.domain2.com / autodiscover.domain3.com / autodiscover.domain4.com etc), then you won't have any issues.

The SSL certificate is only referenced when using something like Outlook for auto-configuring the email account - you can receive hundreds of domains worth of email on your Exchange server without having to worry about the SSL certificate names.
0
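The name check discussed in the accepted solution and the last reply, as an added example that is not part of the original thread: a simplified model of the Autodiscover lookup order run over constructed DNS data for domain2.com, showing which host name ends up being compared with the certificate. The function names, the `https_hosts` set and the SRV values (priority 0, weight 0, port 443) are assumptions for illustration; the SCP and HTTP-redirect steps are left out.

```python
# Added example: constructed data, simplified Autodiscover model.

# Names on the existing certificate, copied from the question.
CERT_NAMES = [
    "mail.domain1.com",
    "exch2010.domain1.local",
    "autotodiscover.domain1.local",
    "autodiscover.domain1.com",
]


def name_on_cert(host, cert_names=CERT_NAMES):
    """Exact, case-insensitive host name match against the certificate names."""
    host = host.lower().rstrip(".")
    return any(host == n.lower().rstrip(".") for n in cert_names)


def autodiscover_target(domain, https_hosts, srv_records):
    """Return (method, host) for the first endpoint the client would use.

    Assumed, simplified order: https://<domain>, https://autodiscover.<domain>,
    then the _autodiscover._tcp SRV record. https_hosts is the set of names
    that answer on HTTPS (an assumption standing in for live DNS and probing).
    """
    for method, host in (("root", domain), ("a-record", "autodiscover." + domain)):
        if host in https_hosts:
            return method, host
    srv = srv_records.get("_autodiscover._tcp." + domain)
    if srv:
        _priority, _weight, _port, target = srv
        return "srv", target.rstrip(".")
    return None


def check(domain, https_hosts, srv_records):
    """Describe whether the certificate covers the name the client connects to."""
    found = autodiscover_target(domain, https_hosts, srv_records)
    if found is None:
        return "no-autodiscover"
    method, host = found
    verdict = "ok" if name_on_cert(host) else "name-mismatch"
    return "%s:%s:%s" % (method, host, verdict)


# Constructed DNS for domain2.com: SRV pointing at a name already on the cert.
SRV_ONLY = {"_autodiscover._tcp.domain2.com": (0, 0, 443, "mail.domain1.com.")}

if __name__ == "__main__":
    print(check("domain2.com", set(), SRV_ONLY))                   # SRV route
    print(check("domain2.com", {"autodiscover.domain2.com"}, {}))  # A-record route
```

In this model an `autodiscover.domain2.com` host that answers on HTTPS is tried before the SRV record, which is why the SRV approach is used instead of an Autodiscover A record rather than alongside it.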
