none
Hybrid Exchange server certificate query for Office 365 RRS feed

  • Question

  • Hi,

    We are building our hybrid Exchange servers for Office 365 migration. In our on premise Exchange, we have multiple child domains as accepted domain where mail route occurs. So we have multiple domains like, domain.com, abc.domain.com, def.domain.com, hello.anotherdomain.com, yud.anotherdomain.com etc. So in this way, we can't have one wild card certificate since multiple domains are there. We either can have one certificate with manually entered all the entries as subject alternate names. Or maybe multiple certificates, but as i understand multiple certificates are not best practice and we cannot bind IIS, SMTP services to multiple certificates. Please let me know if that is true. Or if there's any other solution?

    Also another query, if we have edge servers in place, do i need to add edge public endpoint added to the SAN of hybrid certificate too? Will my certificate look like below:

    Common Name: mail.domain.com

    SAN: autodiscover.domain.com

    mail.abc.domain.com

    autodiscover.abc.domain.com

    mail.def.domain.com

    autodiscover.def.domain.com

    mail.hello.anotherdomain.com

    autodiscover.hello.anotherdomain.com

    mail.yud.anotherdomain.com

    autodisover.yud.anotherdomain.com

    edge.domain.com


    Regards BM

    Saturday, November 16, 2019 7:41 AM

Answers

  • Thanks is there anyway i can have a san certificate where common name will be like mail.mydomain.com

    and subject alternate name will be wild card? like *.mydomain.com, *.otherdomain.com, *.anotherdomain.com


    Regards BM

    Hi,

    Based on my testing, father and child domain could use different certificate for IIS. You can also add all those domains into one certificate. If you want to use this certificate for Edge, you will need to add Edge record into it.

    About whether could create a SAN certificate then add *.domain.com into it, you may need to confirm with your certificate provider.

    Regards,

    Kyle Xu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Monday, November 18, 2019 6:10 AM
    Moderator

All replies