Exchange 2010 cert additional help.

  • Question

  • Hi all,

    We are going to have one CAS array that includes cas1.mycompany.local and cas2.mycompany.local, and one DAG which includes two mailbox servers.

    We are transitioning from exch2003 to exch 2010 SP1. From what I got: I need to purchase one SAN certificate with
    mail.mycompany.com
    autodiscover.mycompany.com

    We are going to set up split DNS too and will set internalURL and externalURL to mail.mycompany.com.

    Can I use the one SAN cert above on the two CAS servers above? How? Will Outlook users get a security popup, since the CAS array name is outlook.mycompany.local, which uses the NLB virtual IP (nlb1.mycompany.local)?

    Thank you.

     

    Monday, April 11, 2011 2:41 PM

Answers

  • Yes, you can.

    But you may need to configure the internalurl for the web services, such as autodiscover, EWS, OAB, OWA, UM. Set them to access https://mail.mycompany.com/xxx/xxxxx.

    Or you will receive a certificate mismatch warning in Outlook as the CASARRAY name “outlook.mycompany.local” is not in the list of the SAN certificate you submitted.

    Thanks,

    Simon


    • Marked as answer by Serena Li Tuesday, April 19, 2011 7:32 AM
    Wednesday, April 13, 2011 6:00 AM
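
A check for the mismatch the answer above describes, as an added example that is not part of the original thread: it compares the host in each URL handed to clients against the certificate's SAN list. The function name `Test-SanCoverage` is hypothetical, the SAN names are the ones planned in the question, and the URLs are constructed sample values.

```powershell
# Added example (not from the thread). Works in PowerShell 2.0 and needs no Exchange cmdlets.
function Test-SanCoverage {
    param([string[]]$SanNames, [string[]]$Urls)
    foreach ($url in $Urls) {
        $hostName = ([Uri]$url).Host.ToLowerInvariant()
        $match = $null
        foreach ($san in $SanNames) {
            $name = $san.ToLowerInvariant()
            if ($name -eq $hostName) { $match = $san; break }
            # A wildcard entry covers exactly one left-most label.
            if ($name.StartsWith('*.')) {
                $dot = $hostName.IndexOf('.')
                if ($dot -gt 0 -and $hostName.Substring($dot) -eq $name.Substring(1)) {
                    $match = $san; break
                }
            }
        }
        New-Object PSObject -Property @{
            Url = $url; Host = $hostName; Covered = [bool]$match; MatchedSan = $match
        }
    }
}

# SAN names from the certificate planned in the question.
$san = 'mail.mycompany.com', 'autodiscover.mycompany.com'

# Constructed URLs: two set as the answer advises, two left on internal server names.
$urls = 'https://mail.mycompany.com/EWS/Exchange.asmx',
        'https://mail.mycompany.com/owa',
        'https://cas1.mycompany.local/OAB',
        'https://cas2.mycompany.local/Autodiscover/Autodiscover.xml'

# List only the URLs whose host is missing from the certificate.
Test-SanCoverage -SanNames $san -Urls $urls |
    Where-Object { -not $_.Covered } |
    Select-Object Host, Url

# In the Exchange Management Shell, real inputs can be read from cmdlets such as
# Get-ExchangeCertificate (CertificateDomains), Get-ClientAccessServer
# (AutoDiscoverServiceInternalUri) and Get-WebServicesVirtualDirectory (InternalUrl).
```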

All replies

  • They will not get the popup from the CAS array name but get it from web services and internal autodiscover, so you should set those names to mail.mycompany.com or add the names to the SAN.
    Regards, Mahmoud Magdy
    Monday, April 11, 2011 3:08 PM
  • Yes, CAS Array records would be used for MAPI connection only.

    Quote "Can I use one SAN cert above to put in the two CAS servers above"

    Yes, you can use a single SAN certificate for both CAS servers (make sure the SAN certificate has both node FQDNs).


    Anil
    Monday, April 11, 2011 3:17 PM
  • > Yes, you can use single SAN certificate for both CAS server (Make sure SAN certificate have both node FQDN).


    From what I read and the help I got, I should not include both node FQDNs, which are internal.

    I want the SAN certificate with mail.mycompany.com and autodiscover.mycompany.com to be used on two CAS servers since everyone uses mail.mycompany.com to access OWA, not the individual CAS internal FQDN.

    Can anyone offer me the steps to put one SAN certificate on two servers?

    Thank you.

    Monday, April 11, 2011 3:36 PM
  • The OWA internal FQDN should be pointing to the internal server's name. Other than this, it should point to the NLB name.
    Regards, Mahmoud Magdy
    Tuesday, April 12, 2011 7:26 AM