Exchange 2010 San Cert address?

  • Question

  • Hi, I'm so confused about which addresses to use for our Exchange SAN certificate request and our use of .net and .com for the request.

    Our setup: one Exchange server (Exchange 2010 on Server 2008 R2), Office 2010/2007 users

    exchange server name: exchange

    internal domain: company.net

    we own externally: company.com

    -------------------------------------

    Is my request correct? I got this using the exchange 2010 cert wizard for the request creation:

    autodiscover.company.com

    exchange

    exchange.company.net

    mail.company.com

    company.com

    autodiscover.company.net

    Thanks for any help, please let me know if you need more information.


    • Edited by SysRqp Thursday, June 14, 2012 11:48 PM
    Thursday, June 14, 2012 11:45 PM

Answers

  • So what I would do is configure your internal environment for "split DNS". Basically, you would create a DNS zone for company.com in your internal DNS, then add the A record for mail.company.com to this zone. You don't need to add the autodiscover internal DNS record; it's not required. One thing to keep in mind when you add the split DNS internal zone for company.com is that you must now add A records for any publicly facing sites, i.e. www.company.com; if not, internal requests for www.company.com will fail to resolve.

    Names in the cert should be:

    mail.company.com = principal name

    autodiscover.company.com = alternative name


    Bulls on Parade

    • Proposed as answer by wendy_liu Thursday, July 5, 2012 5:09 AM
    • Marked as answer by wendy_liu Friday, July 6, 2012 5:21 AM
    Friday, June 15, 2012 5:17 PM
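
A pre-purchase check for the two-name certificate recommended in the answer above, as an added example that is not part of the original thread: it lists every URL the Client Access server publishes whose host name is not mail.company.com or autodiscover.company.com, and generates the request only when none remain. The server name EXCHANGE comes from the question; the output path is an assumption.

```powershell
# Added example, not from the thread. Run in the Exchange Management Shell.
$server    = 'EXCHANGE'                                      # server name from the question
$certNames = 'mail.company.com', 'autodiscover.company.com'  # names from the answer
$reqPath   = 'C:\mail_company_com.req'                       # assumed output path

# Collect every URL this Client Access server hands out to clients.
$published = @()
$cas = Get-ClientAccessServer -Identity $server
$published += New-Object PSObject -Property @{
    Source = 'Autodiscover SCP'; Url = $cas.AutoDiscoverServiceInternalUri }

$vdirCmdlets = 'Get-OwaVirtualDirectory', 'Get-EcpVirtualDirectory',
               'Get-WebServicesVirtualDirectory', 'Get-OabVirtualDirectory',
               'Get-ActiveSyncVirtualDirectory'
foreach ($cmd in $vdirCmdlets) {
    foreach ($vdir in (& $cmd -Server $server)) {
        foreach ($prop in 'InternalUrl', 'ExternalUrl') {
            if ($vdir.$prop) {
                $published += New-Object PSObject -Property @{
                    Source = "$cmd $prop"; Url = $vdir.$prop }
            }
        }
    }
}

# Keep only the URLs whose host name the planned certificate would not cover.
$uncovered = @($published | Where-Object {
    $_.Url -and ($certNames -notcontains ([uri]"$($_.Url)").Host)
})

if ($uncovered.Count -gt 0) {
    # Clients following these URLs would see a certificate name mismatch.
    # With the split DNS zone in place they can use mail.company.com instead.
    $uncovered | Format-Table Source, Url -AutoSize
} else {
    # Principal name goes in the subject; both names go in the SAN list.
    $req = New-ExchangeCertificate -GenerateRequest `
        -SubjectName 'cn=mail.company.com' -DomainName $certNames `
        -PrivateKeyExportable $true
    Set-Content -Path $reqPath -Value $req
}
```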

All replies

  • You don't have to have a server name

    mail-company.com - is that your OWA?

    What does Exchange.company.net represent? Your NLB?

    Friday, June 15, 2012 1:20 AM
  • OK, I'll remove the entry for "exchange"

    From the Exchange 2010 cert wizard:

    mail.company.com was what was offered for the domain name you use to access Exchange Active Sync and for OWA internet

    exchange.company.net --> OWA intranet our CAS

    --------------------------------------------------

    So, as I understand it, I will be purchasing an Exchange SAN cert with the following to allow external OWA to .com, internal OWA to .net, and ActiveSync access.

    autodiscover.company.com

    autodiscover.company.net

    mail.company.com

    exchange.company.net

    company.com

    Thanks again for any help

    Friday, June 15, 2012 5:06 PM