Announcement

Collapse
No announcement yet.

Confused about Certificates

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Confused about Certificates

    I am about to do my 2k3 to 2k10 migration and am unsure about SSL certificates.

    Currently mail is delivered to mail.domain.com - for which we do not have an SSL certificate.

    We don't use webmail but do you a number of iPhones and iPads to connect to mail using SSL. For this we use secure.domain.com - purely because we had a spare SSL certificate with that name (so I created another A record for our mail server).

    Can I get away with this setup for 2k10 or do I need to get some certificates sorted out? After much delay I was hoping to get started on this over the coming weekend.

    I have a spare server (lower spec) so will install 2k10 on that and move mailboxes over - so initially mail will still be processed through the 2k3 server. However time permitting I will migrate services at the same time.

    Once I am happy all works, I will rebuild the original (high spec) server and migrate move everything back. Not sure if this scenario causes SSL problems.

    Thanks in advance

  • #2
    Re: Confused about Certificates

    First - don't hijack threads. I have moved your question to its own thread.

    You do need to get SSL certificates sorted out.
    You can only use a single name SSL certificate IF your external DNS provider supports SRV records. If they do not (and most don't) then you will need to use a different kind of certificate, known as a Unified Communications, or Multiple Name or Subject Alternative Name certificate. This is NOT the same as a wildcard certificate.

    Certificates have been well documented, but you should use the wizard in EMC to generate the request. I have instructions here: http://exchange.sembee.info/2010/ins...sl-request.asp

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.

    Comment


    • #3
      Re: Confused about Certificates

      Apologies for "hijacking" the thread, but I simply searched for an answer and that seemed the most appropriate place - didn't want to start another thread on the subject for no reason. I know some forums get particularly funny about starting threads when there is already ons similar you can "join".

      With regards to DNS, we host our own DNS (a pair of 2k3 servers running MS DNS) for our domain name. Name is hosted with external registry, but all DNS points to our name servers, so I can do pretty much what I need to with DNS.

      I will take a look through the link you posted - thank you.

      Comment


      • #4
        Re: Confused about Certificates

        While I think about it (not read the link yet), if I simply put 2k10 in place to host mailboxes for now and don't have mail received there, can I get away with my current SSL setup in the short term (I assume yes as 2k3 server will do the routing work)?

        Comment


        • #5
          Re: Confused about Certificates

          You can't use Exchange 2010 to "just" host mailboxes. Exchange 2003 cannot provide the client access to Exchange 2010 mailboxes.
          Therefore an SSL certificate will be required from day 1 of holding "any" mailboxes on the Exchange 2010 platform.

          Simon.
          --
          Simon Butler
          Exchange MVP

          Blog: http://blog.sembee.co.uk/
          More Exchange Content: http://exchange.sembee.info/
          Exchange Resources List: http://exbpa.com/
          In the UK? Hire me: http://www.sembee.co.uk/

          Sembee is a registered trademark, used here with permission.

          Comment

          Working...
          X