Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Exchange 2010 SSL requirement for multiple email domains

Posted on 2012-04-10
8
Medium Priority
?
672 Views
Last Modified: 2012-05-02
Hello Experts... I am currently running an Exchange 2010 on a single server.  Purchased a UCC SSL and working perpectly.  I need to add a second email domain to Exchange 2010 and would like to know if I need more than the current UCC SSL w/5 domains.

AD: domain1.local

Here is my current SSL:
common name: mail.domain1.com  
SAN: exch2010.domain1.local, autotodiscover.domain1.local, autodiscover.domain1.com

Adding second email domain to Exchange 2010 as domain2.com.
Would I need the following for this new domain to work correctly?
Common name: mail.domain2.com (or this goes under SAN)?
SAN: autodiscover.domain2.com, any others?

Godaddy told me I have 1 more domain name to add to this SSL.  Am I going to need another SSL or bump this SSL to 10 domains?

Thank you GREATLY Experts!!!

Golfbuddy22
0
Comment
Question by:golfbuddy22
8 Comments
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37831132
you can use single certificate with multiple domain names.. or also can have multiple certificates...
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 2000 total points
ID: 37831381
You don't need to add the name to the certificate.  To add a new domain to an Exchange server and have everything work, you need to make Autodiscover work and the alternative to having autodiscover.domain2.com in the SSL certificate is to use an SRV record in Domain2's DNS records instead of an Autodiscover A record.

You would add the SRV record and point it to a name already in the existing SSL certificate and in your case, you can use mail.domain1.com

http://support.microsoft.com/kb/940881

Ignore the version of Exchange in the above link - it will work for Exchange 2010 too.

You can host dozens of domains on your server this way without the need for a new / additional SSL certificates.
0
 
LVL 9

Expert Comment

by:ash007
ID: 37831491
If you have more than 1 domain add all domains to certifcate to avoid cert errors
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37831588
It isn't necessary and is very costly doing it that way.  I support a server that has 65 domains running happily from a 5 domain name SSL cert that cost $60 a year.
0
 
LVL 9

Expert Comment

by:ash007
ID: 37831813
Alan, i think SAN cetificate which means multiple domain entries in single certificate is highly recommended by Microsoft
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37831819
Yes I know - I am not disputing that.
0
 

Author Comment

by:golfbuddy22
ID: 37833132
Alan - How would SRV resolve multiple domains on SSL.  If mail.domain2/3/4.com isn't on the certificate, would it return an error?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37834997
No - if you use an SRV record to point to a name included on the SSL certificate (instead of adding autodiscover.domain2.com / autodiscover.domain3.com / autodiscover.domain4.com etc), then you won't have any issues.

The SSL certificate is only referenced when using something like Outlook for auto-configuring the email account - you can receive hundreds of domains worth of email on your Exchange server without having to worry about the SSL certificate names.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On September 18, Experts Exchange launched the first installment of the Help Bell, a new feature for Premium Members, Team Accounts, and Qualified Experts. The Help Bell will serve as an additional tool to help teams increase question visibility.
With so many activities to perform, Exchange administrators are always busy in organizations. If everything, including Exchange Servers, Outlook clients, and Office 365 accounts work without any issues, they can sit and relax. But unfortunately, it…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses
Course of the Month11 days, 12 hours left to enroll

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question