cardinal
asked on
Certificate with ISA 2006, Exchange 2003 and moving to Exchange 2007
I have a 2003 Exchange server that is configured with ISA 2006. I have a certificate configured with the name msr.domainname.com that points to it. The only outside services we are using are ActiveSync and Outlook over RPC. I want to set this up to point to our Exchange 2007 CAS server so I can move these people over to the Exchange 2007 server. Right now the Exchange 2007 server is using the self-signed cert for internal stuff. I am really confused as to what I need to do about the new certificate for Exchange 2007. I need to set up a new iPhone for someone who is on the Exchange 2007 server, so even if I had to use the self-signed cert temporarily I am open to that.
ASKER
I have already read through that and understand it somewhat. What happens to my existing certificate that I have already purchased if I get a SAN?
Nothing. It would continue to exist and function independently.
ASKER
But I would have to have another outside IP address? Right now, the way it's set up, the DNS record for msr.domainname.com points to the ISA server external IP. Would I need to add another listener in ISA and point it to a different external IP address?
Yes, it would require an additional public IP address.
ASKER
Ok, so tell me if this is right for the SAN.
I have 2 Exchange 2007 servers:
1st: NetBIOS name cicexch and internal is cicexch.domainname.local. Has CAS and mailboxes.
2nd: NetBIOS name ms2010 and internal is ms2010.domainname.local. It has no mailboxes but has one of the CAS servers on it. It will go away.
1 Exchange 2003 server that I want to move everyone off of. Right now the certificate points to msr.domainname.com.
So for my SAN, would the common name be, say, msr1.domainname.com and the SAN names be:
cicexch.domainname.local
cicexch
Do I need to add the 2007 server that I will be getting rid of if no one is on that?
Yes. Wouldn't hurt to also add on:
autodiscover.domainname.com
and
legacy.domainname.com (if you're going to try to serve 2007 and 2003 through the 2007 cas)
ASKER
That's where I get confused with serving the 2003 through the 2007 CAS. I know it works because internally I can put in the 2007 internal address and it redirects me to the 2003 box.
Are you saying to add legacy.domainname.com and remove the cert from the 2003 server and add the new SAN to it?
ASKER CERTIFIED SOLUTION
http://www.msexchange.org/articles_tutorials/exchange-server-2007/mobility-client-access/securing-exchange-2007-client-access-server-3rd-party-san-certificate.html
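
An added example, not part of the original thread: a short Python check of which client-facing names a planned SAN list would cover, using the hostnames discussed above. It assumes clients match only the SAN entries once a SAN extension is present (so the common name has to be repeated there); the function names and the list of required names are illustrative assumptions.

```python
"""Check which client-facing names a planned SAN certificate would cover."""


def name_matches(hostname: str, san: str) -> bool:
    """Match one hostname against one SAN dNSName entry (RFC 6125 style)."""
    host = hostname.lower().rstrip(".")
    pattern = san.lower().rstrip(".")
    if not pattern.startswith("*."):
        return host == pattern
    # A wildcard stands for exactly one left-most label: *.domainname.com
    # matches msr1.domainname.com, but not domainname.com or a.b.domainname.com.
    host_labels = host.split(".")
    pattern_labels = pattern.split(".")
    return (len(host_labels) == len(pattern_labels)
            and host_labels[0] != ""
            and host_labels[1:] == pattern_labels[1:])


def uncovered(required, sans):
    """Return the required names that no SAN entry matches, in input order."""
    return [n for n in required if not any(name_matches(n, s) for s in sans)]


# Constructed plan built from the names mentioned in the thread.
COMMON_NAME = "msr1.domainname.com"
SAN_AS_ASKED = ["cicexch.domainname.local", "cicexch"]
SAN_WITH_SUGGESTIONS = SAN_AS_ASKED + [
    COMMON_NAME,                      # repeat the common name as a SAN entry
    "autodiscover.domainname.com",
    "legacy.domainname.com",
]
# Names clients are assumed to connect to (assumption, not from the thread).
REQUIRED = [
    "msr1.domainname.com",            # ActiveSync / Outlook over RPC via ISA
    "autodiscover.domainname.com",
    "legacy.domainname.com",          # 2003 mailboxes served through the 2007 CAS
    "cicexch.domainname.local",
    "cicexch",
]

if __name__ == "__main__":
    for label, sans in (("as asked", SAN_AS_ASKED),
                        ("with suggestions", SAN_WITH_SUGGESTIONS)):
        print(label, "-> not covered:", uncovered(REQUIRED, sans) or "none")
```

The retiring server's name (ms2010.domainname.local) is left out of both lists; add it to `REQUIRED` to see it reported while clients still reach that CAS.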