Solved

Exchange UCC/SAN certificate

Posted on 2014-02-10
Last Modified: 2014-02-11
What should the Common Name on a UCC/SAN certificate be? This is for an Exchange 2010 server. The cert would be supporting all of Exchange's certificate needs, i.e. ActiveSync, AutoDiscover, OWA, Outlook Anywhere. We also have Outlook 2010 fat clients on the internal domain.

Also, my internal Exchange server name is different from the outward-facing name, which is mail.nhmelab.net.

Should the common name be mail.nhmelab.net

or

nhmelab.net

If mail.nhmelab.net should be the common name, would I also need to add nhmelab.net as a SAN member: Yes or No?
Question by:ShiftAltNumlock
5 Comments
 

Expert Comment

by:Sushil Sonawane
ID: 39849331
If you are using a UCC/SAN certificate for your Exchange server, then you have to create the SAN certificate with the common name "nhmelab.net".

These include all your prefixed domains, like:

autodiscover.nhmelab.net
mail.nhmelab.net
pop.nhmelab.net
smtp.nhmelab.net

You can purchase a SAN certificate from a third party. For more info, refer to the link below:

http://support.microsoft.com/kb/929395

Or

You can create a new SAN certificate using Exchange. For more info, refer to the link below:

http://technet.microsoft.com/en-us/library/aa995942.aspx

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39849621
Personally I would disagree.
The common name would be the host name that you are going to use most often - in most cases that would NOT be the root of the domain, but something like host.example.com.
You can get away with just two host names - mail.example.com and Autodiscover.example.com. Any others would be used within Exchange if you choose to, but have no functional effect on the operation of Exchange.

Simon.
 

Author Comment

by:ShiftAltNumlock
ID: 39850334
And here lies the problem. From the research I have done so far, the vast majority agree with you, Simon, but there are a few that side with Sushil, including Microsoft Exchange server. During the CSR process, Exchange defaulted to nhmelab.net as the common name. I am still at this step of the CSR setup process and have the ability to change this. If I can't get any more info on this, I am going to go with the majority on this.
CSR Process doesn't pick FQDN for common name by default.
 

Author Comment

by:ShiftAltNumlock
ID: 39850567
I actually called GoDaddy to get their take on this. They also agree that you SHOULD use the FQDN for the common name on a UCC cert to secure Exchange. They admit that Microsoft Exchange 2010 selects the root domain for the common name during CSR generation, but they could not explain the reason for this. That being said, I think I will go with using mail.nhmelab.net for the common name. Thanks to all who chimed in on this question.
 

Author Closing Comment

by:ShiftAltNumlock
ID: 39850584
Thanks Simon, I am glad you are out there and responding so quickly. You will most likely see more questions from me. I decided that this Exchange migration was too complex to try without doing a simulation, so I am doing it all in a VM lab 1st.
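
Added example, not part of the thread and not Exchange's own code: a Python check of which client hostnames a planned certificate would cover, using the RFC 6125 rule that a client compares the hostname with the SAN DNS entries and falls back to the Common Name only when the certificate has none. The function names and the three plans are constructed for illustration; the hostnames are the ones from the question.

```python
def dns_name_matches(pattern, host):
    """Compare one certificate DNS name with a hostname, case-insensitively.
    A wildcard counts only as the whole left-most label ("*.example.com")
    and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def names_checked(common_name, san_dns):
    """Names a client compares against: the SAN DNS entries when any exist,
    otherwise the Common Name as a legacy fallback."""
    return list(san_dns) if san_dns else [common_name]


def coverage(common_name, san_dns, client_hosts):
    """Map each hostname clients will connect to -> True if the cert covers it."""
    names = names_checked(common_name, san_dns)
    return {h: any(dns_name_matches(n, h) for n in names) for h in client_hosts}


# Constructed input: the hostnames clients would use, taken from the question.
CLIENT_HOSTS = ["mail.nhmelab.net", "autodiscover.nhmelab.net"]

# Plan A: CN is the FQDN and both hostnames are SAN entries.
PLAN_A = coverage("mail.nhmelab.net",
                  ["mail.nhmelab.net", "autodiscover.nhmelab.net"], CLIENT_HOSTS)
# Plan B: CN is the root domain and the SAN lists only the root domain.
PLAN_B = coverage("nhmelab.net", ["nhmelab.net"], CLIENT_HOSTS)
# Plan C: CN is the FQDN, but the FQDN was left out of the SAN list.
PLAN_C = coverage("mail.nhmelab.net", ["autodiscover.nhmelab.net"], CLIENT_HOSTS)

if __name__ == "__main__":
    for label, result in (("A", PLAN_A), ("B", PLAN_B), ("C", PLAN_C)):
        for host, ok in result.items():
            print(f"plan {label}: {host:28} {'covered' if ok else 'NOT covered'}")
```

Plan C shows why the name chosen as Common Name should also appear in the SAN list: once any SAN DNS entry exists, the Common Name is no longer consulted.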