• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 202
  • Last Modified:

Exchange 2010

Hi,

I have four Exchange 2010 servers and wanted to know how you recommend setting up the SAN certificates.  Do I need one san cert for each server or can I use one cert to include all options for the four servers in the one cert?

Cheers
0
minniejp
Asked:
minniejp
1 Solution
 
R--RCommented:
SAN certificate has to be installed on CAS server.
Please specify the roles on the servers.
0
 
Simon Butler (Sembee)ConsultantCommented:
A single certificate for all servers will work fine - just use an SSL provider who allows unlimited server use (GoDaddy and their resellers do, as do others).
Whether you need an SSL certificate for all servers is another matter - only the CAS role does.
Furthermore if the servers are not on the same site and you want to have different host names for each site then you would probably need two certificates, so the common names match.

No single answer to your question without more information.

As a rule though, a single SAN, with the following names:

host.example.com (common name, used for Outlook Anywhere, ActiveSync etc)
Autodiscover.example.com

For a second site you could have just host.example.com.

You cannot include internal names on certificates expiring after November 2015, so use the external name internally via a split DNS.

Simon.
0
 
Md. MojahidCommented:
0
Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

 
minniejpAuthor Commented:
spot on Simon! Cheers
0
 
minniejpAuthor Commented:
Simon,

Just a follow on question, the four servers are all CAS for their individual site and they are all part of the same Exchange organization.  Can I have the following on my cert:

mail.exchange1.com
mail.exchange2.com
mail.exchange3.com
mail.exchange4.com
autodiscover.exchange1.com
autodiscover.exchange2.com
autodiscover.exchange3.com
autodiscover.exchange4.com  etc

on my Go Daddy SAN cert, add this to my primary exchange and then export to the other three exchange servers (to ensure all sites do not have the pop up cert errors).

All using the same common name.
0
 
Simon Butler (Sembee)ConsultantCommented:
You can do that if you like. It can be quite an expensive way to do it once you get in to lots of domains, which is why we use SRV records and the like.

Simon.
0

Featured Post

Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now