• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 233
  • Last Modified:

Certificate for OA

Hi Guys,

I am about to purchase certificates for outlook anywhere but i am a bit confused.

Basically, we got 2 exchange 2010 servers located in different sites and both are in the same domain.

Now my question is, will a wild-card certificate work for my 2 exchange servers or do i need to purchase a certificate per server?
0
R2_D2
Asked:
R2_D2
  • 2
  • 2
  • 2
1 Solution
 
Jamie McKillopIT ManagerCommented:
Hello,

A wildcard certificate will work fine, unless you have older Windows mobile devices or you have OCS2007 and need integration. If you have Windows XP clients that aren't at the latest service pack level, you also need to make some changes to the certprincipalname so that is uses msstd:*.yourdomain.com

If you choose to purchase a SAN certificate, you need at least mail.domain.com and autodiscover.domain.com, provided only one of your sites is internet facing. If both sites are internet facing, you will need a third name on the cert for the second site.

JJ
0
 
AkhaterCommented:
I wouldn't recommend using a wild card, although technically it works  it is sensibly harder to configure specially if you are not experienced

I would buy a SAN certificate and include all the needed URI in it
0
 
R2_D2Author Commented:
will it work if i install 2 certificates, one on each server ?

because  is cheaper rather than buying a  SAN or Wild-Card Cert.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
AkhaterCommented:
no it won't you do need a SAN certificate (or a wild card)

san certificates are less than $100 a year
0
 
Jamie McKillopIT ManagerCommented:
Yes, it is possible to use a single name certificate. You will need to have an SRV record created in your DNS zone for the autodiscover service.

Here is a script that will help you set it up - http://virtualbarrymartin.me/2009/12/29/how-to-setup-exchange-2010-to-use-a-single-certificate-for-internal-and-external-use/

JJ
0
 
R2_D2Author Commented:
Yes that worked
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

  • 2
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now