Exchange 2010 and SSL Certs


  • Exchange 2010 and SSL Certs

    Hi,

    We're looking to buy an SSL cert for our Exchange server and we're a little confused as to which to go for: either a wildcard or a UCC one. Also, for a standard default install of Exchange, what domains do we need to secure?

    mail.domain.com (external access to exchange)
    exch.internal.local (internal name of the server)
    autodiscovery.domain.com

    Are these correct, and are there any more?

    EDIT: Forgot to mention we do use ActiveSync.

    Many thanks,

    Nathan
    Last edited by nabberuk; 6th January 2011, 12:19.

  • #2
    Re: Exchange 2010 and SSL Certs

    Given the choice, I always go for a UC (SAN - subject alternative name) certificate. This ensures the maximum compatibility. Wildcards can be used, but still cause issues in certain configurations.

    The only name I would add to the list is the server's NETBIOS name, as well as its FQDN.
    It is autodiscover.example.com, no "y".

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.



    • #3
      Re: Exchange 2010 and SSL Certs

      Originally posted by Sembee:
      Given the choice, I always go for a UC (SAN - subject alternative name) certificate. This ensures the maximum compatibility. Wildcards can be used, but still cause issues in certain configurations.

      The only name I would add to the list is the server's NETBIOS name, as well as its FQDN.
      It is autodiscover.example.com, no "y".

      Simon.
      Thanks for your reply. So would the following look about right?

      exchserver.internal.local (FQDN)
      mail.externaldomain.co.uk (Hostname)
      autodiscover.internal.local
      autodiscover.externaldomain.co.uk



      • #4
        Re: Exchange 2010 and SSL Certs

        No, you don't need autodiscover for the internal domain.

        The basic names that are required are:

        host.example.com (common name)
        autodiscover.example.com
        server.example.local
        server

        where example.com is your public domain name after the @ sign in email addresses, example.local is the internal Windows domain, server is the server name, and you are using host.example.com for OWA, MX records, Outlook Anywhere and Exchange ActiveSync - plus POP3/IMAP if those are being deployed.

        Simon.

        Comment
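Added example, not part of any post in this thread: a Python check of which of the names listed in post #4 a certificate's SAN list covers, using the usual rule that a wildcard stands for exactly one left-most label. The SAN lists are constructed samples, and `san_matches` and `uncovered` are hypothetical helper names.

```python
"""Which Exchange client-facing names does a certificate's SAN list cover?"""


def san_matches(san: str, host: str) -> bool:
    """Compare one SAN entry with one host name.

    A wildcard is honoured only as the whole left-most label and
    stands for exactly one label (RFC 6125 style matching).
    """
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if not san.startswith("*."):
        return san == host
    suffix = san[2:]
    head, _, tail = host.partition(".")
    # The host needs a non-empty first label and an identical remainder,
    # so single-label names and deeper subdomains never match.
    return bool(head) and tail == suffix


def uncovered(required, sans):
    """Return the required names that no SAN entry matches."""
    return [n for n in required if not any(san_matches(s, n) for s in sans)]


# Names from post #4, using its example.com / example.local placeholders.
REQUIRED = [
    "host.example.com",          # OWA, Outlook Anywhere, ActiveSync
    "autodiscover.example.com",  # Autodiscover
    "server.example.local",      # internal FQDN
    "server",                    # NetBIOS name
]

# Constructed SAN lists for comparison.
UCC_SANS = list(REQUIRED)
WILDCARD_SANS = ["*.example.com"]
TYPO_SANS = ["host.example.com", "autodiscovery.example.com",
             "server.example.local", "server"]

if __name__ == "__main__":
    for label, sans in (("UCC", UCC_SANS),
                        ("wildcard", WILDCARD_SANS),
                        ("autodiscovery typo", TYPO_SANS)):
        missing = uncovered(REQUIRED, sans)
        print(f"{label}: {missing or 'all names covered'}")
```
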


        • #5
          Re: Exchange 2010 and SSL Certs

          Thanks for your help, all sorted!

          Just testing with www.testexchangeconnectivity.com and I get the following error:

          Code:
          Attempting to send the OPTIONS command to the server.
           	Testing of the OPTIONS command failed. For more information, see Additional Details.
           	
          	Additional Details
           	An HTTP 403 forbidden response was received. The response appears to have come from IIS7. Body of the response: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
          <html xmlns="http://www.w3.org/1999/xhtml">
          <head>
          <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
          <title>403 - Forbidden: Access is denied.</title>
          <style type="text/css">
          <!--
          body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
          fieldset{padding:0 15px 10px 15px;} 
          h1{font-size:2.4em;margin:0;color:#FFF;}
          h2{font-size:1.7em;margin:0;color:#CC0000;} 
          h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} 
          #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
          background-color:#555555;}
          #content{margin:0 0 0 2%;position:relative;}
          .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
          -->
          </style>
          </head>
          <body>
          <div id="header"><h1>Server Error</h1></div>
          <div id="content">
          <div class="content-container"><fieldset>
          <h2>403 - Forbidden: Access is denied.</h2>
          <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
          </fieldset></div>
          </div>
          </body>
          </html>
          I've read KB817379. Now does anyone know if this applies to just Exchange 2003?

          Many thanks



          • #6
            Re: Exchange 2010 and SSL Certs

            Are you sure that your DNS is configured correctly?

            Simon.



            • #7
              Re: Exchange 2010 and SSL Certs

              DNS looks good, the phones are syncing... this has caused a major problem as it's deleted their contacts!

              Seriously, I've not cried for many years but today might be the day!


              Any way to recover from a full Windows Server backup?



              • #8
                Re: Exchange 2010 and SSL Certs

                Originally posted by nabberuk:
                DNS looks good, the phones are syncing... this has caused a major problem as it's deleted their contacts!

                Seriously, I've not cried for many years but today might be the day!


                Any way to recover from a full Windows Server backup?
                Ignore this, I was fed incorrect information. The phones had deleted their own data, but the data was fine on Exchange.

                I was trying the test site above with the administrator login, which wouldn't work. Normal users work fine.
