Announcement

Collapse
No announcement yet.

Buying a certificate

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Buying a certificate

    Please confirm for me that I need only one certificate.

    I have two sites and each site has one CAS/HT/MBX server. Since both sites will be active. I'll have users at site1 connect to mail.company.com and users at site2 connect to mail2.company.com. Both DNS names will be used internally and externally.

    I ran the new cert request wizard on my Exchange server in site1 and I noticed that the New-ExchangeCertificate command included the switch "-Server 'exCHM1'" (it also has mail and mail2.company.com as I indicated in the wizard). What is that switch for? Can I import the cert to exCHM1, then export it and use it on exCHM2 or do I need to buy another cert?

    I called my CA and they were talking about buying one SSL cert and one license. Then they were talking about buying two certs (which is mighty expensive). Finally they tried to tell me that I should use the same IP for internal and external access to mail (and do the same for mail2).

    Thanks.

  • #2
    Re: Buying a certificate

    Could you give us a clue which version of Exchange you are using -- I guess 2007 but need confirmation. In Exchange 2010 at least you can specify multiple servers on a cert.

    Certs should be c. $75 per year from www.godaddy.com (other providers exist) for a 5 name SAN certificate
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Buying a certificate

      Exchange version? Good idea

      I'm migrating to Exchange 2010. Here's the command:

      New-ExchangeCertificate -FriendlyName 'E2010' -GenerateRequest -PrivateKeyExportable $true -KeySize '2048' -SubjectName 'C=US,S="CO",L="City",O="Company",OU="Technical Operations",CN=company.com' -DomainName 'mail.company.com','kcmail.company.com','company.c om','autodiscover.company.com','exCHM1.company.com ','legacy.company.com' -Server 'exCHM1'
      Where do I add exCHM2? Thanks.

      Comment


      • #4
        Re: Buying a certificate

        IIRC as long as the other server is specified in the -domainname section you can import it -- trying to find the correct bit in a training course and can't find it just now...
        I tihnk the process is export (with key) from server it was issued to first, then import on other server
        Last edited by Ossian; 4th November 2011, 20:05.
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          Re: Buying a certificate

          Use the SSL wizard in EMC. I don't think I have ever done the certificate with the command line in Exchange 2010.

          Simon.
          --
          Simon Butler
          Exchange MVP

          Blog: http://blog.sembee.co.uk/
          More Exchange Content: http://exchange.sembee.info/
          Exchange Resources List: http://exbpa.com/
          In the UK? Hire me: http://www.sembee.co.uk/

          Sembee is a registered trademark, used here with permission.

          Comment

          Working...
          X