How to avoid Multiple Domain Names on a SAN Certificate?

I realize in the middle of a migration from Exchange 2003 to Exchange 2010 that I will have to create many accepted domains in Exchange 2010. Is there any way I can avoid listing these additional domains on the SAN certificate?

Even if I add them to the cert, we regularly add additional domains and I just don't want to be constantly making changes to this certificate once it is installed and it works.

Your recommendations will be appreciated.

Thanks,
TCPIPNet
Asked:
 
Will Szymkowski, Senior Solution Architect, Commented:
"Is there any way I can avoid listing these additional domains on the SAN certificate."
You do not need to add all of your accepted domains to a UCC/SAN cert. You can have 1 external SMTP address that is used for connecting to your Exchange environment, i.e. mail.example.com and autodiscover.example.com are the only DNS SAN names that are required. This is the preferred method.

So if you have users in your Exchange environment using @example2.com as their SMTP domain, this will not matter. They just connect to their mailbox using mail.example.com and they will still be able to send/receive email as @example2.com.

Will.
 
TCPIPNet, Author, Commented:
Thanks Will for your reply.
Does it matter if I am using split DNS?

Apart from those domains being added as accepted domains, is there any other configuration that should be done regarding the Client Access URLs?

Thanks once again.
 
Will Szymkowski, Senior Solution Architect, Commented:
If you are using split DNS, what you will want to do is the following...
- on your internal DNS create a new zone for externaldomain.com
- then create an A (host) record for mail.externaldomain.com
- then you can set all of your virtual directories to https://mail.externaldomain.com/owa, oab, etc.

So whatever domain you are using externally, you just need to create a zone internally and then create an A record for mail.

That is all that is required.

Will.
Question has a verified solution.
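
One way to check the setup discussed in this thread, as an added example that is not part of the original posts: run in the Exchange Management Shell, it collects the host names published in the virtual directory URLs and the Autodiscover SCP and reports whether the certificate bound to IIS on the local server covers each one. `Test-SanCovers` and `$extraNames` are names made up for this example, and `autodiscover.example.com` is the placeholder name from the answer above.

```powershell
# Added example (not from the thread). Written for PowerShell 2.0 / Exchange 2010.
# Names that clients use but that appear in no URL setting (assumption: edit to suit).
$extraNames = @('autodiscover.example.com')

# Every URL the Client Access servers hand out to clients.
$urls = @()
$urls += Get-OwaVirtualDirectory         | ForEach-Object { $_.InternalUrl, $_.ExternalUrl }
$urls += Get-EcpVirtualDirectory         | ForEach-Object { $_.InternalUrl, $_.ExternalUrl }
$urls += Get-WebServicesVirtualDirectory | ForEach-Object { $_.InternalUrl, $_.ExternalUrl }
$urls += Get-ActiveSyncVirtualDirectory  | ForEach-Object { $_.InternalUrl, $_.ExternalUrl }
$urls += Get-OabVirtualDirectory         | ForEach-Object { $_.InternalUrl, $_.ExternalUrl }
$urls += Get-ClientAccessServer          | ForEach-Object { $_.AutoDiscoverServiceInternalUri }

# Reduce the URLs to a unique list of host names, skipping unset values.
$names = @($urls | Where-Object { $_ } | ForEach-Object { ([uri]"$_").Host.ToLower() })
$names = @($names + $extraNames | Sort-Object -Unique)

# SAN entries of the certificate(s) enabled for IIS on the local server.
$sans = @(Get-ExchangeCertificate |
    Where-Object { "$($_.Services)" -match 'IIS' } |
    ForEach-Object { $_.CertificateDomains } |
    ForEach-Object { "$_".ToLower() })

function Test-SanCovers([string]$HostName, [string[]]$SanList) {
    foreach ($san in $SanList) {
        if ($san -eq $HostName) { return $true }
        # A wildcard entry covers exactly one left-most label.
        if ($san.StartsWith('*.') -and $HostName.Contains('.') -and
            ($HostName.Substring($HostName.IndexOf('.') + 1) -eq $san.Substring(2))) {
            return $true
        }
    }
    return $false
}

# One row per host name; CoveredByCert = False means clients will see a name mismatch.
foreach ($n in $names) {
    New-Object PSObject -Property @{
        HostName      = $n
        CoveredByCert = (Test-SanCovers $n $sans)
    }
}
```

`Get-ExchangeCertificate` without `-Server` reads only the local server, so repeat the check on each Client Access server.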