Solved

Exchange UUC/SAN certificate

Posted on 2014-02-10
5
262 Views
Last Modified: 2014-02-11
What should the Common Name on a UUC/SAN certificate be named? This is for an Exchange 2010 server. The cert would be supporting all exchange's certificate needs. i.e. ActiveSync, AutoDiscover, OWA, Outlook Anywhere. We also have Outlook 2010 fat clients on internal domain.

 Also, my internal exchange server name is different from the outward facing name which is mail.nhmelab.net



Should the common name be mail.nhmelab.net

or

nhmelab.net

If mail.nhmelab.net should be common name, I would also need to add nhmelab.net as a san member: Yes or No?
0
Comment
Question by:ShiftAltNumlock
  • 3
5 Comments
 
LVL 18

Expert Comment

by:Sushil Sonawane
ID: 39849331
If you are use UUC/SAN certificate for your exchange server then you have to create san certificate common name "nhmelab.net".

These include your all prefix domain like.

autodiscover.nhmelab.net
mail.nhmelab.net
pop.nhmelab.net
smtp.nhmelab.net



You can purchase SAN certificate from third party for more info refer below link:

http://support.microsoft.com/kb/929395


Or


You can create a new SAN certificate using exchange for more info refer below link :

http://technet.microsoft.com/en-us/library/aa995942.aspx
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39849621
Personally I would disagree.
The common name would be the host name that you are going to use most often - in most cases that would NOT be the root of the domain, but something like host.example.com.
You can get away with just two host names - mail.example.com and Autodiscover.example.com, any others would be used within Exchange if you choose to, but have no functionality effect on the operation of Exchange.

Simon.
0
 

Author Comment

by:ShiftAltNumlock
ID: 39850334
And here lies the problem. From the research I have done so far, the vast majority agree with you, Simon, but there are a few that side with Sushil, including Microsoft Exchange server. During the CSR process, exchange defaulted nhmelab.net as the common name. I am still at this step of the CSR setup process and have the ability to change this. If I can't get anymore info on this, I am going to go with the majority on this.
 CSR Process doesn't pick FQDN for common name by default.
0
 

Author Comment

by:ShiftAltNumlock
ID: 39850567
I actually called GoDaddy to get their take on this. They also agree that you SHOULD use FQDN for common name on a UUC cert to secure Exchange. They admit that Microsoft Exchange 2010 selects to root domain for common name during CSR generation, but they could not explain the reason for this. That being said, I think I will go with using mail.nhmelab.net for the common name. Thanks to all who chimed in on this question.
0
 

Author Closing Comment

by:ShiftAltNumlock
ID: 39850584
Thanks Simon, I am glad you are out there and responding so quickly. You will most likely see more questions from me. I decided that this Exchange migration was too complex to try without doing a simulation, so I am doing it all in a VM lab 1st.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
Find out what you should include to make the best professional email signature for your organization.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question