

Manage multiple certificates on SBS 2011 with Exchange 2010

Posted on 2012-09-01
Medium Priority
Last Modified: 2012-10-11

We have a client that has 2 ISPs, i.e. Ethernet and a cable company. The primary is our Ethernet ISP and cable is the backup on the Sonicwall. They have SBS 2011 with Exchange 2010 installed. The primary ISP's A record is Mail1.mydomain.com and the secondary is Mail2.mydomain.com. We have purchased certificates for both Mail1 and Mail2 for mydomain from the same CA, but Exchange only allows one to be active at a time. If the internet on the primary goes down, then we have to manually change to the Mail2 certificate. Is it possible to have this automated so we don't have to do this manually? I am open to different ideas on how to set up certificates.

Question by:ShamanSys
LVL 17

Expert Comment

by:Kent Dyer
ID: 38357801
Certutil or the certificate store (in either IE and/or Firefox) on the computer should be able to allow/install multiple certs. This should cover what you need to manage multiple certs on your server.


LVL 13

Expert Comment

ID: 38357806
The easiest fix is a wildcard certificate, *.domain.com.
Or even a UC certificate with a subject alternate name. That way you have 1 and the same certificate.
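
The wildcard and UC/SAN suggestion above can be checked before a certificate is installed. The following is an added example, not part of any poster's comment: it takes a certificate in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()` and reports which hostnames its SAN entries cover. The sample certificates and the name `host.mail1.mydomain.com` are constructed for illustration.

```python
# Added example: does one certificate cover every name clients connect to?
# Input uses the dict shape returned by ssl.SSLSocket.getpeercert().

def _dns_sans(cert):
    """Return the lower-cased dNSName entries from a getpeercert()-style dict."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def _matches(pattern, host):
    """RFC 6125 matching: '*' is honoured only as the entire left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False          # a wildcard never spans more than one label
    if p_labels[0] == "*":
        # Require at least two fixed labels so "*.com" is never accepted.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def coverage(cert, hostnames):
    """Map each hostname to the SAN entry that covers it, or None."""
    sans = _dns_sans(cert)
    return {h: next((s for s in sans if _matches(s, h)), None) for h in hostnames}

# Constructed sample certificates (not taken from any real server).
WILDCARD_CERT = {"subjectAltName": (("DNS", "*.mydomain.com"),)}
UC_CERT = {"subjectAltName": (("DNS", "mail1.mydomain.com"),
                              ("DNS", "mail2.mydomain.com"))}
SINGLE_CERT = {"subjectAltName": (("DNS", "mail1.mydomain.com"),)}

# Names from the question plus two constructed edge cases.
NAMES = ["mail1.mydomain.com", "mail2.mydomain.com", "mydomain.com",
         "host.mail1.mydomain.com"]

if __name__ == "__main__":
    for label, cert in (("wildcard", WILDCARD_CERT), ("UC/SAN", UC_CERT),
                        ("single-name", SINGLE_CERT)):
        print(label)
        for host, san in coverage(cert, NAMES).items():
            print(f"  {host:28} {'covered by ' + san if san else 'NOT covered'}")
```

A wildcard covers exactly one label, so it matches Mail1 and Mail2 but neither the bare domain nor a deeper name; a UC certificate covers only the names listed in it.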
LVL 81

Expert Comment

ID: 38357809
You can have mail1 point to both IPs.

Alternatively, you could add an additional SMTP receiver that is bound to another IP, to which the cable IP is configured to forward, then attach the second certificate to that receiver.
LVL 78

Assisted Solution

by:Rob Williams
Rob Williams earned 375 total points
ID: 38357810
There are other problems to consider: the server will always respond to the default gateway, and you cannot have two. You need a dual WAN port router, and most will not allow forwarding on both WAN connections.

You cannot set up Reverse DNS on both connections.

Most SBS sites simply use a backup mail service such as no-ip's BackUp MX, about $35/year.
LVL 74

Accepted Solution

Jeffrey Kane - TechSoEasy earned 375 total points
ID: 38359523
It seems as though what you are trying to accomplish is to have redundancy for inbound email using a failover.  You cannot use separate host names for this -- BOTH need to be mail.mydomain.com.  Exchange will only announce itself with a single name. So this eliminates the problem you are trying to resolve.

You would then need to just set up TWO MX records with the same host name (mail.mydomain.com), each pointing to the different IP addresses, with your main one having a higher priority weight (lower number) than the other.

Contrary to what Rob stated above, it may be possible to set up Reverse DNS (PTR) on both connections to be the same (i.e., just mail.mydomain.com). There are a few other considerations and this is a good discussion about those: http:Q_24980487.html

Sonicwall will handle an automatic failover configuration just fine.

If you cannot get your ISPs to provide you with the proper reverse DNS though, then you need to use a backup MX as Rob suggested above.



Question has a verified solution.
