SSL Certificate Sans

Hi All, I need to get an SSL certificate from Go Daddy for an SBS2011 Server running exchange 2010. (Go Daddys support wont advise!) except to say I need a multiple certificate.

The client machines want to run outlook anywhere as they are mostly out of the office, they are a mixture of Windows and a few Macs

I think I need

do I need ? ?
anything else? there is no selling on the website so I don't need www

I don't want to get the CSR wrong so would appreciate someone that has done this letting me know
Thank you
Who is Participating?
Simon Butler (Sembee)Connect With a Mentor ConsultantCommented:
Bare minimum:

That it is it, nothing else is required. Any other names are optional.
The local server name isn't required.
As long as you do the installation with the SBS wizard then SBS will adjust everything to use the correct host names for you.

You can use alternative host names for the various parts of Exchange, but that often adds additional complexity for no benefit.


You will find here a list of required certificates, but this depends on the services you whish to use:

Here is another one (three parts):

this also could be interesting :)
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

djsharmaTechnical ConsultantCommented:
You require a dns record for point to your exchange server and the following domain name certificate.


You can create a SAN certificate for all domain with include your *

For info related to auto discover refer below link:
Md. MojahidCommented:
Its depend what you have required in you organization.

Cris HannaCommented:
Working from my phone at the moment so posting links is tough but will add to this later this morning

SBS only requires a single name certificate.  If you selected the defaults when you ran the Set up my Internet Address wizard from the SBS console, the the only name you need on the cert is  You need to use the Install a Trusted Third party certificate wizard to generate the CSR and to install the cert.  However GoDaddy also requires you to install a intermediate cert.  I will post a link from the SBS team on doing this
Simon Butler (Sembee)ConsultantCommented:
@ CrisHanna_MVP

"SBS only requires a single name certificate. "

That is true IF your external DNS provider supports SRV records. If they do not (any many don't) then you will need a UC certificate or you have to use an additional SSL certificate and web site to do redirection.

Cris HannaCommented:
While autodiscover is a handy's not an absolute must, especially if all you're doing is Outlook Anywhere

@Author - Insideview
Is your DNS being done by GoDaddy as well?

Here is the link from one of the Microsoft Program Managers on installing GoDaddy certs

And here is the blog post by Susan Bradley, otherwise know as the SBS Diva on setting up all external DNS records including autodiscover to work properly with SBS.   This article was written for SBS 2008 but it's the same for SBS 2011
Simon Butler (Sembee)ConsultantCommented:
"While autodiscover is a handy's not an absolute must, especially if all you're doing is Outlook Anywhere"

The questions on this web site that I have been answering for the last six years would give a different opinion. Without Autodiscover, the availability service is effectively dead, so that means no Out of Office, no free/busy, particularly if public folders have been disabled.

Autodiscover shouldn't be considered an optional feature - too many people try that and realise that they don't get full functionality of the office.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.