Announcement

Collapse
No announcement yet.

Exchange 2010 - SSL Certificate

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Exchange 2010 - SSL Certificate

    I've generated free certificate at StartCom for external OWA usage remote.domain.com. Problem is after installing it in Exchange, local users started getting errors from Outlook that Exchange.domain.local doesn't match the certificate name. Is there a way to use 2 different certificates. One for local usage (self generated) thru Outlook MAPI and one for external usage (accepted by every browser) thru OWA? It seemed to work fine with Exchange 2003 without a problem.
    My website with some small projects - http://www.pro-solutions.pl

  • #2
    Re: Exchange 2010 - SSL Certificate

    You normally buy a SAN (Subject Alternative Name) certificate which includes public and local names

    Might be worth seeing if you can upgrade
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Exchange 2010 - SSL Certificate

      Originally posted by Ossian View Post
      You normally buy a SAN (Subject Alternative Name) certificate which includes public and local names

      Might be worth seeing if you can upgrade
      Well i would prefer the free version Doesn't show SAN in this comparision http://www.startssl.com/?app=40
      My website with some small projects - http://www.pro-solutions.pl

      Comment


      • #4
        Re: Exchange 2010 - SSL Certificate

        You could look into renaming the internal URLs to match the certificate name, if you don't wish to go with a SAN certificate.

        http://www.msexchange.org/articles_t...ices-urls.html

        Comment


        • #5
          Re: Exchange 2010 - SSL Certificate

          Originally posted by MadBoy View Post
          I've generated free certificate at StartCom for external OWA usage remote.domain.com. Problem is after installing it in Exchange, local users started getting errors from Outlook that Exchange.domain.local doesn't match the certificate name. Is there a way to use 2 different certificates. One for local usage (self generated) thru Outlook MAPI and one for external usage (accepted by every browser) thru OWA? It seemed to work fine with Exchange 2003 without a problem.
          Forget about Exchange 2003. Exchange 2010 handles SSL differently. If you want to do your configuration properly you need a SAN certificate.

          http://exchangeserverpro.com/how-to-...cate-authority

          You can get these to work with self signed SAN certificates. Although self signed gives you more added complexity in that the certificates are not automatically trusted by the client unless you are using auto enrollment. For lab purposes they are fine. For production spend the money and get a commercial certificate.

          Comment


          • #6
            Re: Exchange 2010 - SSL Certificate

            As mentioned above
            2007-2010 exchange require SAN certificates. If the free one does not support that then I recommend buying one. Even if you manage to get it working it just isnt worth the time spent. I setup my first exchange 2007 using an Self signed ssl, it wasnt worth effort. Even if you learn how to do it relatively quickly you are still making the users have to install the root certificate to make it work. For some devices like some Iphones they will not support self signed certificates.
            Also not all certificate providers are universally accepted so picking some obscure one can create difficulties.

            There are some lost cost certificate providers. DomainsforExchange.net for example, is a good one. We found thema few years ago. Their UC (SAN) certificates can be purchased for $60.52 a year. There are others at similar pricing as well. We found their's works well.

            Comment


            • #7
              Re: Exchange 2010 - SSL Certificate

              Originally posted by Virtual View Post
              You could look into renaming the internal URLs to match the certificate name, if you don't wish to go with a SAN certificate.

              http://www.msexchange.org/articles_t...ices-urls.html
              Just to confirm my suggestion, which I have used many a time, if the relevant services are renamed to the same, you can then use an external SSL certificate with one name. I tend to purchase a wildcard certificate that allows installation on 3 servers. The same certificate is then used for SharePoint, Internet site and Exchange. However, there are IMAP and POP 3 issues with wildcard but as I don't use them. it isn't a problem.

              This may then make it cheaper and the certificate usable across a number of servers.

              Comment

              Working...
              X