locked
UCC SAN Certificate with Exchange 2007 RRS feed

  • Question

  • Hi

    We are on the way to replace our wildcard certificate to a UCC certificate. Now I have two questions.

    1. If I try to create a new request with the IP address of the Exchange server is also inserted, I get a error like "The Domainname '172.17.36.75' is invalid for a certificate. If I remove the IP address of the server, I can create the request without any problems.

    2. My certificate supplier told me also, that they won't create a certificate with my local internal domain with the ending .ads inside. So I only can input my external domains and the Exchange Netbios name into the certificate.

    Can I become a problem then without IP and Internal domain or is that just ok?

    Thx for any suggestions.

    Regards

    Wednesday, July 7, 2010 12:23 PM

Answers

  • Hi ,

    As per my knowledge

    Certificates are dependent on FQDNs not on IPs so there will be no issue even you have to configure your certs carefully on your IPs.

     

    Do it its not a major problem.

    As I have done it more than 20 times.

     

    Regards.

    Shafaquat Ali.


    M.C.I.T.P Exchange 2007/2010, M.C.I.T.P Windows Server 2008, M.C.T.S OCS Server 2007 R2
    • Proposed as answer by Shafaquat Ali Wednesday, July 7, 2010 12:32 PM
    • Marked as answer by wayne7215 Thursday, July 8, 2010 1:33 PM
    Wednesday, July 7, 2010 12:32 PM
  • Why do you want to put the IP address on to the certificate?

    It isn't a requirement.

    As for the ads, that is quite odd as it isn't an issued or proposed top level domain as far as I am aware. Have you tried using a different certificate provider?

    If you can't use your internal name, then you will have to make some internal adjustments to the DNS so that the external names are used and a few other changes to the Exchange configuration so that autodiscover hands out the correct URLs to the clients. This is quite straight forward and is done usually by those who want to use a single name SSL certificate instead of UC certificate.

    Simon.


    Simon Butler, Exchange MVP. http://blog.sembee.co.uk , http://exbpa.com/
    • Marked as answer by wayne7215 Thursday, July 8, 2010 1:33 PM
    Wednesday, July 7, 2010 4:58 PM

All replies

  • Hi ,

    As per my knowledge

    Certificates are dependent on FQDNs not on IPs so there will be no issue even you have to configure your certs carefully on your IPs.

     

    Do it its not a major problem.

    As I have done it more than 20 times.

     

    Regards.

    Shafaquat Ali.


    M.C.I.T.P Exchange 2007/2010, M.C.I.T.P Windows Server 2008, M.C.T.S OCS Server 2007 R2
    • Proposed as answer by Shafaquat Ali Wednesday, July 7, 2010 12:32 PM
    • Marked as answer by wayne7215 Thursday, July 8, 2010 1:33 PM
    Wednesday, July 7, 2010 12:32 PM
  • Why do you want to put the IP address on to the certificate?

    It isn't a requirement.

    As for the ads, that is quite odd as it isn't an issued or proposed top level domain as far as I am aware. Have you tried using a different certificate provider?

    If you can't use your internal name, then you will have to make some internal adjustments to the DNS so that the external names are used and a few other changes to the Exchange configuration so that autodiscover hands out the correct URLs to the clients. This is quite straight forward and is done usually by those who want to use a single name SSL certificate instead of UC certificate.

    Simon.


    Simon Butler, Exchange MVP. http://blog.sembee.co.uk , http://exbpa.com/
    • Marked as answer by wayne7215 Thursday, July 8, 2010 1:33 PM
    Wednesday, July 7, 2010 4:58 PM
  • @Shafaquat Ali + Sembee

    Thx, changed the supplier and get now a new UUC certificate with my internal domain .ads inside.

    Until now everything looks good and is working.

    Regards

     

    Thursday, July 8, 2010 1:33 PM
  • My Pleasure ,

     

    Regards.

    Shafaquat Ali.


    M.C.I.T.P Exchange 2007/2010, M.C.I.T.P Windows Server 2008, M.C.T.S OCS Server 2007 R2
    Thursday, July 8, 2010 1:37 PM