SSL Certificate Question - Multiple CAS\MBX Servers

  • Question

  • Does anyone know if the same third-party SSL cert can be used on multiple CAS\MBX\HUB servers to provide ActiveSync and OWA access without affecting internal Exchange communication? We have 2 sites that are connected over slow links and only one internet connection.

    When users are connected via Wi-Fi internally to ActiveSync or OWA, I want to ensure they connect to the closest CAS server. We do not have a load balancer, so I was thinking of deploying 2 DNS entries both internally and externally. Would it be possible to request only one third-party cert that covers both DNS aliases (using SAN) and have this registered on both CAS servers? I can't use wildcard certs as we still have Mobile 5 devices. I would also look to put in a SAN name for autodiscover.

    Both exch01 and exch02 run Exchange 2007, hosting 3 roles: MBX/HUB/CAS.

    Externally pointed DNS

    Mobile.mycompany.com -> exch01.inernal.local

    Mobile2.mycompany.com -> exch01.inernal.local


    Internally pointed DNS

    Mobile.mycompany.com -> exch01.inernal.local

    Mobile2.mycompany.com -> exch02.inernal.local


    If this is possible, could someone help with the syntax I would use for the requested cert and which services I need to activate this on when I import? Thanks for your help; certificates always give me a headache and I want to make sure I minimise the cost of buying third-party certs.


    Wednesday, August 31, 2011 10:51 AM


All replies