Solved

Exchange 2010

Posted on 2013-11-23
6
195 Views
Last Modified: 2013-11-26
Hi,

I have four Exchange 2010 servers and wanted to know how you recommend setting up the SAN certificates.  Do I need one san cert for each server or can I use one cert to include all options for the four servers in the one cert?

Cheers
0
Comment
Question by:minniejp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 19

Expert Comment

by:R--R
ID: 39671450
SAN certificate has to be installed on CAS server.
Please specify the roles on the servers.
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39671536
A single certificate for all servers will work fine - just use an SSL provider who allows unlimited server use (GoDaddy and their resellers do, as do others).
Whether you need an SSL certificate for all servers is another matter - only the CAS role does.
Furthermore if the servers are not on the same site and you want to have different host names for each site then you would probably need two certificates, so the common names match.

No single answer to your question without more information.

As a rule though, a single SAN, with the following names:

host.example.com (common name, used for Outlook Anywhere, ActiveSync etc)
Autodiscover.example.com

For a second site you could have just host.example.com.

You cannot include internal names on certificates expiring after November 2015, so use the external name internally via a split DNS.

Simon.
0
 
LVL 12

Expert Comment

by:Md. Mojahid
ID: 39673637
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 

Author Comment

by:minniejp
ID: 39675931
spot on Simon! Cheers
0
 

Author Comment

by:minniejp
ID: 39675976
Simon,

Just a follow on question, the four servers are all CAS for their individual site and they are all part of the same Exchange organization.  Can I have the following on my cert:

mail.exchange1.com
mail.exchange2.com
mail.exchange3.com
mail.exchange4.com
autodiscover.exchange1.com
autodiscover.exchange2.com
autodiscover.exchange3.com
autodiscover.exchange4.com  etc

on my Go Daddy SAN cert, add this to my primary exchange and then export to the other three exchange servers (to ensure all sites do not have the pop up cert errors).

All using the same common name.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39677206
You can do that if you like. It can be quite an expensive way to do it once you get in to lots of domains, which is why we use SRV records and the like.

Simon.
0

Featured Post

Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Read this checklist to learn more about the 15 things you should never include in an email signature.
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question