Solved

Certificate for OA

Posted on 2013-01-21
6
225 Views
Last Modified: 2013-01-29
Hi Guys,

I am about to purchase certificates for outlook anywhere but i am a bit confused.

Basically, we got 2 exchange 2010 servers located in different sites and both are in the same domain.

Now my question is, will a wild-card certificate work for my 2 exchange servers or do i need to purchase a certificate per server?
0
Comment
Question by:R2_D2
  • 2
  • 2
  • 2
6 Comments
 
LVL 37

Expert Comment

by:Jamie McKillop
ID: 38801571
Hello,

A wildcard certificate will work fine, unless you have older Windows mobile devices or you have OCS2007 and need integration. If you have Windows XP clients that aren't at the latest service pack level, you also need to make some changes to the certprincipalname so that is uses msstd:*.yourdomain.com

If you choose to purchase a SAN certificate, you need at least mail.domain.com and autodiscover.domain.com, provided only one of your sites is internet facing. If both sites are internet facing, you will need a third name on the cert for the second site.

JJ
0
 
LVL 49

Expert Comment

by:Akhater
ID: 38804110
I wouldn't recommend using a wild card, although technically it works  it is sensibly harder to configure specially if you are not experienced

I would buy a SAN certificate and include all the needed URI in it
0
 

Author Comment

by:R2_D2
ID: 38805627
will it work if i install 2 certificates, one on each server ?

because  is cheaper rather than buying a  SAN or Wild-Card Cert.
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 49

Expert Comment

by:Akhater
ID: 38805638
no it won't you do need a SAN certificate (or a wild card)

san certificates are less than $100 a year
0
 
LVL 37

Accepted Solution

by:
Jamie McKillop earned 500 total points
ID: 38805650
Yes, it is possible to use a single name certificate. You will need to have an SRV record created in your DNS zone for the autodiscover service.

Here is a script that will help you set it up - http://virtualbarrymartin.me/2009/12/29/how-to-setup-exchange-2010-to-use-a-single-certificate-for-internal-and-external-use/

JJ
0
 

Author Closing Comment

by:R2_D2
ID: 38830209
Yes that worked
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What does UTC stand for?  “Coordinated Universal Time” – Think of this as the true time on Planet Earth that never changes with the exception of minor leap seconds here and there to account for the changes in the planet's rotation.   What does th…
When you have clients or friends from around the world, it becomes a challenge to arrange a meeting or effectively manage your time. This is where Outlook's capability to show 2 time zones in one calendar comes in handy.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question