Solved

Exchange 2010

Posted on 2013-11-23
6
194 Views
Last Modified: 2013-11-26
Hi,

I have four Exchange 2010 servers and wanted to know how you recommend setting up the SAN certificates.  Do I need one san cert for each server or can I use one cert to include all options for the four servers in the one cert?

Cheers
0
Comment
Question by:minniejp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 19

Expert Comment

by:R--R
ID: 39671450
SAN certificate has to be installed on CAS server.
Please specify the roles on the servers.
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39671536
A single certificate for all servers will work fine - just use an SSL provider who allows unlimited server use (GoDaddy and their resellers do, as do others).
Whether you need an SSL certificate for all servers is another matter - only the CAS role does.
Furthermore if the servers are not on the same site and you want to have different host names for each site then you would probably need two certificates, so the common names match.

No single answer to your question without more information.

As a rule though, a single SAN, with the following names:

host.example.com (common name, used for Outlook Anywhere, ActiveSync etc)
Autodiscover.example.com

For a second site you could have just host.example.com.

You cannot include internal names on certificates expiring after November 2015, so use the external name internally via a split DNS.

Simon.
0
 
LVL 12

Expert Comment

by:Md. Mojahid
ID: 39673637
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:minniejp
ID: 39675931
spot on Simon! Cheers
0
 

Author Comment

by:minniejp
ID: 39675976
Simon,

Just a follow on question, the four servers are all CAS for their individual site and they are all part of the same Exchange organization.  Can I have the following on my cert:

mail.exchange1.com
mail.exchange2.com
mail.exchange3.com
mail.exchange4.com
autodiscover.exchange1.com
autodiscover.exchange2.com
autodiscover.exchange3.com
autodiscover.exchange4.com  etc

on my Go Daddy SAN cert, add this to my primary exchange and then export to the other three exchange servers (to ensure all sites do not have the pop up cert errors).

All using the same common name.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39677206
You can do that if you like. It can be quite an expensive way to do it once you get in to lots of domains, which is why we use SRV records and the like.

Simon.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
This article explains how to install and use the NTBackup utility that comes with Windows Server.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
This video discusses moving either the default database or any database to a new volume.

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question