Solved

Exchange 2010

Posted on 2013-11-23
6
191 Views
Last Modified: 2013-11-26
Hi,

I have four Exchange 2010 servers and wanted to know how you recommend setting up the SAN certificates.  Do I need one san cert for each server or can I use one cert to include all options for the four servers in the one cert?

Cheers
0
Comment
Question by:minniejp
6 Comments
 
LVL 19

Expert Comment

by:R--R
ID: 39671450
SAN certificate has to be installed on CAS server.
Please specify the roles on the servers.
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39671536
A single certificate for all servers will work fine - just use an SSL provider who allows unlimited server use (GoDaddy and their resellers do, as do others).
Whether you need an SSL certificate for all servers is another matter - only the CAS role does.
Furthermore if the servers are not on the same site and you want to have different host names for each site then you would probably need two certificates, so the common names match.

No single answer to your question without more information.

As a rule though, a single SAN, with the following names:

host.example.com (common name, used for Outlook Anywhere, ActiveSync etc)
Autodiscover.example.com

For a second site you could have just host.example.com.

You cannot include internal names on certificates expiring after November 2015, so use the external name internally via a split DNS.

Simon.
0
 
LVL 12

Expert Comment

by:Md. Mojahid
ID: 39673637
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 

Author Comment

by:minniejp
ID: 39675931
spot on Simon! Cheers
0
 

Author Comment

by:minniejp
ID: 39675976
Simon,

Just a follow on question, the four servers are all CAS for their individual site and they are all part of the same Exchange organization.  Can I have the following on my cert:

mail.exchange1.com
mail.exchange2.com
mail.exchange3.com
mail.exchange4.com
autodiscover.exchange1.com
autodiscover.exchange2.com
autodiscover.exchange3.com
autodiscover.exchange4.com  etc

on my Go Daddy SAN cert, add this to my primary exchange and then export to the other three exchange servers (to ensure all sites do not have the pop up cert errors).

All using the same common name.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39677206
You can do that if you like. It can be quite an expensive way to do it once you get in to lots of domains, which is why we use SRV records and the like.

Simon.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
This article explains how to install and use the NTBackup utility that comes with Windows Server.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
This video discusses moving either the default database or any database to a new volume.

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question