Solved

Exchange 2010 UC SAN Certificate Questions.

Posted on 2015-02-04
2
148 Views
Last Modified: 2015-02-04
Hey Folks,

I have stood up a new Exchange 2010 SP3 Server (VM) into an existing 2010 Standard Site.  I need to go through the New Exchange Certificate Wizard and have a few questions.

On the wizard step below I am seeing the old server MSX (currently in production) listed with new server. Should I leave the old server "MSX" in the field below?  Does it cause any issues to remove it and leave just the new server "MSX-V"?  Not cutting over for a month or so.

Client Access server (Outlook Web App)
    Domain name you use to access Outlook Web App internally.
       msx.ourdomain.com,msx-v.ourdomain.com


Under the wizard step below the wizard double entered the domain name?  Should txt in bold be removed?

Client Access Server (Web Services, Outlook Anywhere, and Autodiscover)
Outlook Anywhere is enabled
      External host name for your organization (example: mail.contoso.com)
            mail.ourdomain.com,ourdomain.com

Under the wizard step below it is populating the field with ourdomain.com shouldn't this be mail.ourdomain.com?

Hub Transport server
      Use mutual TLS to help secure Internet mail.
            ourdomain.com

I am looking at Digicert, Geotrust and Thawte for the UC SAN Certificate.  Anyone have any issues with any of the three and is there any consensus on which one is best?  

Thanks,
Rich
0
Comment
Question by:rjearley1966
2 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 40590030
Certificate vendor - personally I use a GoDaddy reseller, as they have widespread device coverage and are cheap.

The certificate wizard takes its information from the configuration of Exchange. With the recently changes to the certificate rules, the best practise is to no longer use the internal server name anywhere, but to change to using the public name both internally and externally.
http://semb.ee/hostnames2010

The certificate wizard also makes the common name the root of the domain. I have never understood why and will always remove it. Make the common name the name the users will use most - mail.example.com.
In most cases you can get away with just two names on the certificate:
- mail.example.com
- Autodiscover.example.com

Any others are optional.

Simon.
0
 
LVL 1

Author Closing Comment

by:rjearley1966
ID: 40590155
Thanks a bunch Sembee,
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
Microservice architecture adoption brings many advantages, but can add intricacy. Selecting the right orchestration tool is most important for business specific needs.
Familiarize people with the process of utilizing SQL Server views from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Microsoft Access…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now