Andreas200
asked on
SBS2011 Exchange 2010 WP7.5: Which certificate do I need?
Hello,
I am in the phase of replacing a SBS2008 / Exchange 2007 environment with Windows Phone 7.5 connections.
Incomming connections other than smtp and https for the WP7.5 are all using VPNs terminated at the corporate router.
I installed a GoDaddy UCC certificate directly in the IIS Â in the SBS2008.
The windows phone work perfectly including the autodiscover function.
I set up now a new SBS 2011 from scratch with the same internal/external domain names and not using the migration szenario but rebuilding the domain and transferring the data manually. Only smtp and https is needed for mail and WP7 pushmail.
How would you suggest to proceed with the existing UCC certificate? Should I try to reinstall it on the new server?
Or would a new standard certificate of GoDaddy using the SBS wizard in SBS2011 be sufficient to make the Windows phones 7.5 autodiscover and pushmail working?
Thanks for your thoughts!
Andreas
I am in the phase of replacing a SBS2008 / Exchange 2007 environment with Windows Phone 7.5 connections.
Incomming connections other than smtp and https for the WP7.5 are all using VPNs terminated at the corporate router.
I installed a GoDaddy UCC certificate directly in the IIS Â in the SBS2008.
The windows phone work perfectly including the autodiscover function.
I set up now a new SBS 2011 from scratch with the same internal/external domain names and not using the migration szenario but rebuilding the domain and transferring the data manually. Only smtp and https is needed for mail and WP7 pushmail.
How would you suggest to proceed with the existing UCC certificate? Should I try to reinstall it on the new server?
Or would a new standard certificate of GoDaddy using the SBS wizard in SBS2011 be sufficient to make the Windows phones 7.5 autodiscover and pushmail working?
Thanks for your thoughts!
Andreas
Ideally you need a UCC certificate.
The common name would be remote.example.com
The additional name would be autodiscover.example.com
Do the certificate request and install through Exchange 2010, but don't add any services. Then use the SBS wizard to enable the existing certificate. Job done.
If you use remote.example.com as your MX record as well, then you get SMTP over SSL (aka TLS).
If you have a certificate that is already able to take multiple names with time left on it, then do a REKEY through the GoDaddy system, using a new request from the SBS 2011 server, then follow what I have written above to actually activate it.
Simon.
The common name would be remote.example.com
The additional name would be autodiscover.example.com
Do the certificate request and install through Exchange 2010, but don't add any services. Then use the SBS wizard to enable the existing certificate. Job done.
If you use remote.example.com as your MX record as well, then you get SMTP over SSL (aka TLS).
If you have a certificate that is already able to take multiple names with time left on it, then do a REKEY through the GoDaddy system, using a new request from the SBS 2011 server, then follow what I have written above to actually activate it.
Simon.
ASKER
Thanks Rob!
what would you suggest as easier: rekeying or buying a single name cert?
what would you suggest as easier: rekeying or buying a single name cert?
At $12.99 and with simple install a new certificate is probably easier and you can leave the existing cert in place until the new server is on-line.
ASKER
Thank again,
which provider sells it for 12.99?
which provider sells it for 12.99?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
http://blog.lan-tech.ca/2012/05/17/sbs-2008-2011-adding-an-ssl-certificate/
Using your existing UCC cert would require rekeying by the certificate provider.