SAN Certificate

Tuesday, November 03, 2009 11:31 AMFazal Ur Rehman

0
Sign In to Vote
We are upgrading to Exchange 2007. We are planning to have Exchange 2007 Mailbox CCR. We would have a NLB for CAS/Hub. We are planning to go for public CA but are confused as to how many certificate should be go for. We would have Outlook AnyWhere, ActiveSync, Outlook Web Access configured. We are going to use ISA 2006 for publishing this services. I would be glad iy you could let me know the no. of certificate we should purchase.
- Reply
- Quote

Answers

Wednesday, November 04, 2009 9:05 AMShaun Croucher

0
Sign In to Vote
Have you had a look here, this is a discussion about certificate use with ISA:
:

http://www.isaserver.org/tutorials/Generating-SSL-Certificates-Exchange-2007-ISA-Server-2006.html

Also see the technet documentation for publishing Exchange 2007 with ISA http://technet.microsoft.com/en-gb/library/bb794751.aspx

Shaun
- Marked As Answer byAllen SongMSFT, ModeratorFriday, November 13, 2009 9:14 AM
- Reply
- Quote
Thursday, November 05, 2009 8:32 AMAllen SongMSFT, Moderator

0
Sign In to Vote
Hi,

I believe the below article can help you on this question:
http://msexchangeteam.com/archive/2007/07/02/445698.aspx

Thanks

Allen
- Marked As Answer byAllen SongMSFT, ModeratorFriday, November 13, 2009 9:14 AM
- Reply
- Quote

All Replies

Tuesday, November 03, 2009 12:06 PMShaun Croucher

0
Sign In to Vote
For Exchange 2007 services and to support autodiscover you will need a UC or SAN certificate. The certificate will need to incorporate the internal NETBIOS name of the server, Internal FQDN, external FQDN and autodiscover.yourdomain.com.

There are alternatives, such as using a SRV record, but a SAN certificate is the easiest option.

Refer to the white paper for autodiscover: http://technet.microsoft.com/en-us/library/bb332063.aspx

Shaun
- Reply
- Quote
Wednesday, November 04, 2009 6:03 AMFazal Ur Rehman

0
Sign In to Vote
Hi Shaun,

Though I know that I have to buy a UC or SAN certificate, what I am confused is the no. of certificates that I need as I am having 2 server hosting the CAS/Hub role. Also that we are using ISA 2006 to publish these services.
- Reply
- Quote
Wednesday, November 04, 2009 9:05 AMShaun Croucher

0
Sign In to Vote
Have you had a look here, this is a discussion about certificate use with ISA:
:

http://www.isaserver.org/tutorials/Generating-SSL-Certificates-Exchange-2007-ISA-Server-2006.html

Also see the technet documentation for publishing Exchange 2007 with ISA http://technet.microsoft.com/en-gb/library/bb794751.aspx

Shaun
- Marked As Answer byAllen SongMSFT, ModeratorFriday, November 13, 2009 9:14 AM
- Reply
- Quote
Thursday, November 05, 2009 8:32 AMAllen SongMSFT, Moderator

0
Sign In to Vote
Hi,

I believe the below article can help you on this question:
http://msexchangeteam.com/archive/2007/07/02/445698.aspx

Thanks

Allen
- Marked As Answer byAllen SongMSFT, ModeratorFriday, November 13, 2009 9:14 AM
- Reply
- Quote
Monday, November 23, 2009 12:03 AMElan ShudnowMVP

0
Sign In to Vote
Fazal, all your questions are answered in my article below. I talk all about in what scenarios you need certain SAN names and add ISA into the mix. For example, in what scenario would you want a NetBIOS name in the certificate. And if you have ISA, are you comfortable with putting that NetBIOS name on there? If not, I go into the scenario how to get around that. So check out my article here:
http://www.shudnow.net/2008/11/18/autodiscover-dns-certificates-and-what-you-need-to-know/
MVP | MCSE:M | MCITP: Enterprise Messaging Administrator | MCTS: OCS + Voice Specialization | http://www.shudnow.net
- Reply
- Quote