Exchange 2013 Certificate Requrement

Hello All,

We are planing to deploy exchange 2013 servers. currently we have 3 domains. Contoso.con, abc.com and xyz.com.

we have mailboxes from all above 3 email address (Primary email). Should i want to add autodiscover.contoso.com, autodiscover.abc.com and autodiscover.xyz.com  ?
ucguyAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Manikandan NarayanswamySecurity Specialist & IBM Security GuardiumCommented:
Hi,

In-case if you have three exchange servers from all of three domains. Then you can think of having a SAN certificate by for all the three locations where all the services like Outlook Anywhere, OAB, EWS and so forth. However out of all the three domains in which one the exchange is installed. Are you using Split brain DNS mechanisms or are you planning to have internal and external DNS separate.

Please confirm

Thanks
Manikandan
0
Manikandan NarayanswamySecurity Specialist & IBM Security GuardiumCommented:
0
ucguyAuthor Commented:
NO.

i don't have 3 Exchange Servers. One exchange Server having 3 mail domains.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Manikandan NarayanswamySecurity Specialist & IBM Security GuardiumCommented:
Hi,

In that case you have to use Split brain DNS mechanisms along with SAN Certificate. And as you mentioned that you are having mailboxes from all the three domains. You need to add all of the following autodiscover.contoso.com, autodiscover.abc.com and autodiscover.xyz.com in the SAN certificate for proper autodiscover to work properly.

http://www.msexchange.org/articles-tutorials/exchange-server-2013/management-administration/managing-certificates-exchange-server-2013-part1.html

Thanks
Manikandan
0
Simon Butler (Sembee)ConsultantCommented:
You have two options.

1. Autodiscover for all three domains, plus a single common name for web services.
Probably the easiest to deploy, and as you can get five name certificates for $80, not much cost difference.

2. Either a single name certificate, or a certificate for just one of the domains with Autodiscover.example.com, then use SRV records for the other domains.
A little more complex to setup, but if you were to add more domains, very easy to add them to the server. Obviously requires an external DNS provider that supports SRV record.

Internally, you would use split DNS to have the common name resolve internally. No need for the Autodiscover records to resolve internally unless you have clients on your internal network which are NOT members of the domain.

Keep it very simple, there is no need to get complicated with names on the SSL certificates.

Simon.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Manikandan NarayanswamySecurity Specialist & IBM Security GuardiumCommented:
Hi,

The best way to understand the certificate requirements and to understand its planning better. Please refer the links mentioned on my previous post

Thanks
Manikandan
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.