No announcement yet.

certificates for SBS2011

  • Filter
  • Time
  • Show
Clear All
new posts

  • certificates for SBS2011

    I'm due to do an SBS2011 deployment in a few days.. and so boning up on my sbs2008 training (nice one, huh ?:P)

    I had been planning on getting a UCC cert from sembee's site, to use fo rexchange.. but the sbs2008 cert request stuff is telling me to just get a single-name cert for, and then create an SRV record.

    Now...... I can't create an SRV record using the dns hosting provider (and moving isn't an option at present)

    So, I see this leaves me with a couple of options:

    Create a CName for autodiscover, pointing to - this probably won't work so well, and I'll get certificate errors

    Just get a UCC cert from, and ignore the material i'm reading about getting a single name certificate.

    Are there any other options? (and autodiscover, with mobile devices, is a necessity..)
    Please do show your appreciation to those who assist you by leaving Rep Point

  • #2
    Re: certificates for SBS2011

    IMHO get a standard Exchange 2010 UCC (SAN) certificate, but use as the main name

    server.domain.local (internal FQDN)
    server (internal NetBIOS name)

    If you have 5 names, may as well add
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    IT Trainer / Consultant
    Ossian Ltd

    ** Remember to give credit where credit is due and leave reputation points where appropriate **


    • #3
      Re: certificates for SBS2011

      Or use instead of I've had to do that more than once when there's been no easy access to the DNS control panel.
      BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
      Cruachan's Blog


      • #4
        Re: certificates for SBS2011

        If you haven't already done this, then do the certificate in the usual way through Exchange 2010's SSL wizard, (so autodiscover, server name, server FQDN etc) but after doing the import stage, don't add any services. Then run the SSL wizard in SBS management console and choose to select an existing certificate. You can then choose the one that you have purchased.

        However, if you don't use for the common name, and that was the name you chose in the Connect to the internet wizard, then the certificate will not show up. SBS of course likes to use so I try to stick to that where possible.

        Simon Butler
        Exchange MVP

        More Exchange Content:
        Exchange Resources List:
        In the UK? Hire me:

        Sembee is a registered trademark, used here with permission.


        • #5
          Re: certificates for SBS2011

          That's basically how I did it...

          generated the request through sbs console, then used the digicert wizard to generate the CSR code, then created the code, purchased the certificate via sembee (thanks, $6.00 resale bonus for me!) and then bound it via the SBS console

          all working excellently

          will probably have another to do tomorrow
          Please do show your appreciation to those who assist you by leaving Rep Point


          • #6
            Re: certificates for SBS2011

            See this KB for autodiscover records.

            Steven Teiger [SBS-MVP(2003-2009)]
            Iím honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

            We donít stop playing because we grow old, we grow old because we stop playing.