?
Solved

Exchange 2010

Posted on 2013-11-23
6
Medium Priority
?
196 Views
Last Modified: 2013-11-26
Hi,

I have four Exchange 2010 servers and wanted to know how you recommend setting up the SAN certificates.  Do I need one san cert for each server or can I use one cert to include all options for the four servers in the one cert?

Cheers
0
Comment
Question by:minniejp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 19

Expert Comment

by:R--R
ID: 39671450
SAN certificate has to be installed on CAS server.
Please specify the roles on the servers.
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 2000 total points
ID: 39671536
A single certificate for all servers will work fine - just use an SSL provider who allows unlimited server use (GoDaddy and their resellers do, as do others).
Whether you need an SSL certificate for all servers is another matter - only the CAS role does.
Furthermore if the servers are not on the same site and you want to have different host names for each site then you would probably need two certificates, so the common names match.

No single answer to your question without more information.

As a rule though, a single SAN, with the following names:

host.example.com (common name, used for Outlook Anywhere, ActiveSync etc)
Autodiscover.example.com

For a second site you could have just host.example.com.

You cannot include internal names on certificates expiring after November 2015, so use the external name internally via a split DNS.

Simon.
0
 
LVL 12

Expert Comment

by:Md. Mojahid
ID: 39673637
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 

Author Comment

by:minniejp
ID: 39675931
spot on Simon! Cheers
0
 

Author Comment

by:minniejp
ID: 39675976
Simon,

Just a follow on question, the four servers are all CAS for their individual site and they are all part of the same Exchange organization.  Can I have the following on my cert:

mail.exchange1.com
mail.exchange2.com
mail.exchange3.com
mail.exchange4.com
autodiscover.exchange1.com
autodiscover.exchange2.com
autodiscover.exchange3.com
autodiscover.exchange4.com  etc

on my Go Daddy SAN cert, add this to my primary exchange and then export to the other three exchange servers (to ensure all sites do not have the pop up cert errors).

All using the same common name.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39677206
You can do that if you like. It can be quite an expensive way to do it once you get in to lots of domains, which is why we use SRV records and the like.

Simon.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
This video discusses moving either the default database or any database to a new volume.
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question