SSL Certificate Sans

Hi All, I need to get an SSL certificate from Go Daddy for an SBS2011 Server running exchange 2010. (Go Daddys support wont advise!) except to say I need a multiple certificate.

The client machines want to run outlook anywhere as they are mostly out of the office, they are a mixture of Windows and a few Macs

I think I need

remote.domain.co.uk
servername.domain.co.uk

do I need
autodiscover.domain.co.uk ?
imap.domain.co.uk ?
anything else? there is no selling on the website so I don't need www

I don't want to get the CSR wrong so would appreciate someone that has done this letting me know
Thank you
InsideviewM.D.Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

florin_sCommented:
Hi,

You will find here a list of required certificates, but this depends on the services you whish to use:
http://technet.microsoft.com/en-us/library/dd351044.aspx

Here is another one (three parts):
http://www.msexchange.org/articles-tutorials/exchange-server-2010/management-administration/managing-certificates-exchange-server-2010-part1.html

this also could be interesting :)
0
Simon Butler (Sembee)ConsultantCommented:
Bare minimum:

remote.example.com
Autodiscover.example.com

That it is it, nothing else is required. Any other names are optional.
The local server name isn't required.
As long as you do the installation with the SBS wizard then SBS will adjust everything to use the correct host names for you.

You can use alternative host names for the various parts of Exchange, but that often adds additional complexity for no benefit.

Simon.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

DhananjayTechnical ConsultantCommented:
You require a dns record for autodiscover.domain.co.uk point to your exchange server and the following domain name certificate.

remote.domain.co.uk
servername.domain.co.uk
autodiscover.domain.co.uk

OR

You can create a SAN certificate for all domain with include your *.domain.co.uk

For info related to auto discover refer below link:

http://technet.microsoft.com/en-us/library/jj591328(v=exchg.141).aspx

http://technet.microsoft.com/en-us/library/cc539114.aspx
0
Md. MojahidCommented:
Its depend what you have required in you organization.

Refer http://exchangeserverpro.com/configure-an-ssl-certificate-for-exchange-server-2010/
0
Cris HannaSr IT Support EngineerCommented:
Working from my phone at the moment so posting links is tough but will add to this later this morning

SBS only requires a single name certificate.  If you selected the defaults when you ran the Set up my Internet Address wizard from the SBS console, the the only name you need on the cert is remote.domain.co.uk.  You need to use the Install a Trusted Third party certificate wizard to generate the CSR and to install the cert.  However GoDaddy also requires you to install a intermediate cert.  I will post a link from the SBS team on doing this
0
Simon Butler (Sembee)ConsultantCommented:
@ CrisHanna_MVP

"SBS only requires a single name certificate. "

That is true IF your external DNS provider supports SRV records. If they do not (any many don't) then you will need a UC certificate or you have to use an additional SSL certificate and web site to do redirection.

Simon.
0
Cris HannaSr IT Support EngineerCommented:
@Sembee
While autodiscover is a handy feature...it's not an absolute must, especially if all you're doing is Outlook Anywhere

@Author - Insideview
Is your DNS being done by GoDaddy as well?

Here is the link from one of the Microsoft Program Managers on installing GoDaddy certs
http://sbs.seandaniel.com/2009/02/installing-godaddy-standard-ssl.html

And here is the blog post by Susan Bradley, otherwise know as the SBS Diva on setting up all external DNS records including autodiscover to work properly with SBS.   This article was written for SBS 2008 but it's the same for SBS 2011
0
Simon Butler (Sembee)ConsultantCommented:
"While autodiscover is a handy feature...it's not an absolute must, especially if all you're doing is Outlook Anywhere"

The questions on this web site that I have been answering for the last six years would give a different opinion. Without Autodiscover, the availability service is effectively dead, so that means no Out of Office, no free/busy, particularly if public folders have been disabled.

Autodiscover shouldn't be considered an optional feature - too many people try that and realise that they don't get full functionality of the office.

Simon.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.