Exchange 2010 certificates


  • Exchange 2010 certificates

    Hello.


    So I am upgrading a single Exchange 2007 server to 2x CAS servers and 2x mailbox (DAG) servers.

    I am unsure what names to include on my CAS server certificates. I know I need mail.domain.com, autodiscover.domain.com and legacy.domain.com, since we have to coexist with 2007 for a while.

    But about my CAS servers: I have created a client access array, so I guess I need a certificate for that name as well, i.e. casarray.domain.com? And what about the local names of my client access servers, are they needed as well? For example, cas01.domain.local.

    A final question. I don't know much about certificates, but is it possible to use the same certificate on both CAS servers? Or do I need to go buy 2 identical certificates, only changing the local DNS name, i.e. cas01.domain.local and cas02.domain.local for the two CAS servers?

    Please let me know if you need more information, or if some of the info is unclear. I am looking forward to your answer.

  • #2
    Re: Exchange 2010 certificates

    Most providers will not allow you to have two certificates with the same names in them. Therefore you have to purchase a single server with all of the names on it. Then export the certificate and import it to the second server.

    You need to cover all methods that the servers could be addressed via. Therefore if you are using any kind of cluster or array, then the real and virtual names need to be included. The SSL certificate is not just used for client access, Exchange uses it internally as well - hence the need for the servers' real names.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.



    • #3
      Re: Exchange 2010 certificates

      I am using a wildcard certificate in my infrastructure without issues, and that covers *anything*.domain.com

      Now, my setup is a little different. I am all on one box, but every role which requires a certificate all have the same one.
      Daniel Frei
      -Windows Operations Server Administrator
      -Exchange Guru
      -Cisco Fanatic
      -SharePoint Hippie
      -Volkswagen Enthusiast

      www.lazynetworkadmin.com



      • #4
        Re: Exchange 2010 certificates

        A wildcard certificate is not the same and is not suitable for use with Exchange 2007/2010. While it can be made to work, it does not cover the internal NetBIOS names of the server and would only work if the internal and external domain names were the same.

        Many people think that a wildcard certificate is the same as a SAN/UC certificate, but that is not the case at all.

        Simon.
        --
        Simon Butler
        Exchange MVP

        Blog: http://blog.sembee.co.uk/
        More Exchange Content: http://exchange.sembee.info/
        Exchange Resources List: http://exbpa.com/
        In the UK? Hire me: http://www.sembee.co.uk/

        Sembee is a registered trademark, used here with permission.
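
The name-coverage point made in #2 and #4, as an added example that is not part of any post in this thread: a Python check, using RFC 6125-style matching, of which required names a certificate's SAN list covers. The FQDNs are the thread's own example names; the NetBIOS names CAS01/CAS02, the SAN lists and the function names are assumptions made for illustration.

```python
"""Check which names a certificate's SAN list covers (added example)."""


def name_matches(pattern: str, host: str) -> bool:
    """Match one SAN entry against one host name, RFC 6125 style.

    A wildcard is honoured only as the whole left-most label and stands
    for exactly one label, so *.domain.com matches mail.domain.com but not
    domain.com, a.b.domain.com, cas01.domain.local or the bare name CAS01.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Require at least two fixed labels after the wildcard (no "*.com").
        if len(p_labels) < 3:
            return False
        return p_labels[1:] == h_labels[1:] and h_labels[0] != ""
    return p_labels == h_labels


def uncovered(san_entries, required_names):
    """Return the required names that no SAN entry matches, in order."""
    return [n for n in required_names
            if not any(name_matches(s, n) for s in san_entries)]


# Names by which the CAS role can be addressed. The FQDNs come from the
# thread; the short names CAS01/CAS02 are assumed NetBIOS names.
REQUIRED = [
    "mail.domain.com", "autodiscover.domain.com", "legacy.domain.com",
    "casarray.domain.com", "cas01.domain.local", "cas02.domain.local",
    "CAS01", "CAS02",
]

WILDCARD_CERT = ["*.domain.com"]   # constructed SAN list for a wildcard cert
SAN_CERT = list(REQUIRED)          # constructed: one SAN/UC cert, every name

if __name__ == "__main__":
    print("wildcard cert misses:", uncovered(WILDCARD_CERT, REQUIRED))
    print("SAN/UC cert misses:  ", uncovered(SAN_CERT, REQUIRED))
```

Running the same check against the SAN list of the certificate actually installed on each CAS server shows, before clients start raising name-mismatch warnings, which addresses are not covered.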
