We help IT Professionals succeed at work.

ssl certificate for exchange server

Dear Experts
We are in process of implementing on-premise exchange enterprise email server for this we have install SSL certificate, please suggest which provider and what type of ssl certificate should we have to go for exchange enterprise email server. thanks in advance.
Comment
Watch Question

MASEE Solution Guide - Technical Dept Head
CERTIFIED EXPERT
Most Valuable Expert 2017

Commented:
You need a SAN certificate (i.e. multi domain certificate).
And you need two names minimum. Common name and autodiscover.email.com.
Assuming you have only 1 email domain.
Please check this for more details.
https://www.experts-exchange.com/articles/31221/Fix-for-Exchange-server-2016-2019-certificate-and-related-issues.html
https://www.experts-exchange.com/articles/29662/Exchange-2013-Fix-for-an-Invalid-certificate-and-related-issues.html

You can buy any 3rd party certificate.
Digicert which is expensive
Godaddy, Comodo. which is cheap.
Seth SimmonsSr. Systems Administrator
CERTIFIED EXPERT

Commented:
And you need two names minimum

or get a wildcard certificate which you can use on all your servers in that domain

Author

Commented:
Thank you very much following help requested
1) email domain    orange.com

think common name :  mail.orange.com    
auto discover name: autodiscover.orange.com

please correct if the above common name and autodiscover name found to be correct if not request to please correct

2) email domain  apple.com
common name: mail.apple.com
auto discover name: autodiscover.apple.com
please correct if the above common name and autodiscover name found to be correct if not request to please correct

3) domain jackfruit.com  for this multiple subdomains are there
email domain: mail.jackfruit.com
common name: mail.jackfruit.com
auto discover: autodiscover.jackfruit.com

Please note all the above 03 emails domains to be configured in the same exchange server where it is in the domain network of jackfruit.com
if this is the case should we have to go for one SAN certificate that is for above  1 and 2 and for 03 go for wildcard and if we go for wildcard, please help.
EE Solution Guide - Technical Dept Head
CERTIFIED EXPERT
Most Valuable Expert 2017
Commented:
That is upto you
There are two methods you can do.
Option1
Common name for all domains and add autodiscover for those domains.
1. mail.orange.com  
2. autodiscover.orange.com
3. mail.apple.com
4. autodiscover.apple.com
5. mail.jackfruit.com
6. autodiscover.jackfruit.com

Option2
Single common name for all domains and add autodiscover for those domains.
1. mail.orange.com  
2. autodiscover.orange.com
3. autodiscover.apple.com
4. autodiscover.jackfruit.com


I have clearly mentioned in my articles
https://www.experts-exchange.com/articles/31221/Fix-for-Exchange-server-2016-2019-certificate-and-related-issues.html
https://www.experts-exchange.com/articles/29662/Exchange-2013-Fix-for-an-Invalid-certificate-and-related-issues.html

Use this to generate CSR command easily
https://www.experts-exchange.com/articles/28662/Easy-CSR-creation-Exchange-2007-2010-and-2013.html

Use this to count your mailboxes in server.
https://www.experts-exchange.com/articles/31850/Count-Mailboxes-in-your-Exchange-Organization.html

You can have wildcard if you have multiple servers with same domain and additional configuration is required in Exchange to configure wildcard certificate.
It is recommended to use multidomain (SAN) certificate for Exchange

MAS

Author

Commented:
Thanks for suggestion, all the email domains will be on one single exchange server and above option 2 which is as following is what I have planned and going for multidomain (SAN) certificate
Single common name for all domains and add autodiscover for those domains.
1. mail.orange.com  
2. autodiscover.orange.com
3. autodiscover.apple.com
4. autodiscover.jackfruit.com
hope this works fine, please let me know.
MASEE Solution Guide - Technical Dept Head
CERTIFIED EXPERT
Most Valuable Expert 2017

Commented:
-->hope this works fine, please let me know.
Yes this is correct.