Asked by:
Exchange 2010 SSL certificate

Question
-
HelloTeam
Currently we are using exchange 2003 sp2 with wildcard ssl certificate .we are in process of migration from exchange 2003 to exchange 2010.we have installed exchange 2010 in our organisation .All rolls are on the same server.
We would like procure SSL certificate for the same.we have secure one domain and 4 sub domains (FQDN 1+4) kindly suggest which SSL certificate we need to procure.below are the details for the same
1) Mail.domain.com
2) cic.domain.com
3)webmail.domain.com
4)csslex1.domain.com
5) autodiscover.domain.com
Awaiting your replyRegards
Dayanand Gore
All replies
-
The most common certificate is the Unified Communications Certificate (UC Certificate)
You will get 3-4 domain names depending on from where you buy it and then you can add and additional names to the cert for a smaller fee.
- Edited by Tommi Leppämäki Friday, October 19, 2012 6:37 AM
-
-
Typically you need these name:
1. autodiscover.abc.com for autodiscover
2. mail.abc.com for OWA, Outlook Anywhere, this should be the subject name
3. legacy.abc.com for coexistence with Exchange 2003
4. FQDN of your CAS server
5. FQDN of your CAS array (if you have it)
-
Since you already have a wildcard cert for your domain (*.domain.com), you can use the same in Exchange 2010 as well. It will cover all the urls required.
Export the cert along with the private key from the 2003 box and import it into the 2010 ones and any reverse proxies you may have.
Keep it simple.
Rajith Enchiparambil | http://www.howexchangeworks.com |
-
-
Just to clearify, you can use your wildcard certificate.
It is less secure but It all depends on your organization, number of internet facing CAS a.s.o. but i assume you have only one server then it´s not a big security issue.
SAN and UC Certificates is the same (vendors cal them SAN or UCC or SAN/UCC)
- Edited by Tommi Leppämäki Friday, October 19, 2012 9:23 AM
-
HelloTeam
Currently we are using exchange 2003 sp2 with wildcard ssl certificate .we are in process of migration from exchange 2003 to exchange 2010.we have installed exchange 2010 in our organisation .All rolls are on the same server.
We would like procure SSL certificate for the same.we have secure one domain and 4 sub domains (FQDN 1+4) kindly suggest which SSL certificate we need to procure.below are the details for the same
1) Mail.domain.com
2) cic.domain.com
3)webmail.domain.com
4)csslex1.domain.com
5) autodiscover.domain.com
Awaiting your replyRegards
Dayanand Gorehttp://www.digicert.com/unified-communications-ssl-tls.htm
This wil give you some good idea on buying certificate.
ExchangeGeek
(MCITP,Enterprise Messaging Administrator)
**My posts are provided “AS IS” without warranty of any kind**
-
Using wildcard cert as subject name is not supported by Microsoft.
For the record, It sure is supported to used Wildcard certificates with Exchange.
You even get the choice to use is when creating a certificate request using the Wizard in EMC...
Also documented in: Understanding Digital Certificates and SSL
Martina Miskovic
-
Using wildcard cert as subject name is not supported by Microsoft.
For the record, It sure is supported to used Wildcard certificates with Exchange.
You even get the choice to use is when creating a certificate request using the Wizard in EMC...
Also documented in: Understanding Digital Certificates and SSL
Martina Miskovic
Nope. It never say "Using wildcard cert as subject name is supported".
Here says "There is no support for a wildcard entry as the subject name (also referred to as the common name or CN) for any role. The following server roles are supported when using wildcard entries in the SAN:..."
http://technet.microsoft.com/en-us/library/hh202161.aspx
- Edited by Li Zhen Saturday, October 20, 2012 4:54 AM
-
Nope. It never say "Using wildcard cert as subject name is supported".
Here says "There is no support for a wildcard entry as the subject name (also referred to as the common name or CN) for any role. The following server roles are supported when using wildcard entries in the SAN:..."
http://technet.microsoft.com/en-us/library/hh202161.aspx
There are considerations to make when having OCS/Lync in the enviroment, but still wildcard certificates are supported when it comes to Exchange.Martina Miskovic
-
-
-
-
Please let us know if we can use wildcard SSL certificate on 2003 and 2010 ? Kindly note both the servers will remain active.
What is the recomendation of Microsoft for the same
Hi,
It is recommended to use a SAN/UC Certificate, but wildcard certificate is supported.
See the section Certificate Planning for Upgrade in the below Technet Article.Upgrade from Exchange 2003 Client Access
http://technet.microsoft.com/en-us/library/ee332348.aspx
Martina Miskovic
- Edited by Martina_Miskovic Wednesday, October 31, 2012 6:24 AM