Announcement

Collapse
No announcement yet.

certificates for SBS2011

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • certificates for SBS2011

    I'm due to do an SBS2011 deployment in a few days.. and so boning up on my sbs2008 training (nice one, huh ?:P)

    I had been planning on getting a UCC cert from sembee's site, to use fo rexchange.. but the sbs2008 cert request stuff is telling me to just get a single-name cert for remote.blablabla.com, and then create an SRV record.

    Now...... I can't create an SRV record using the dns hosting provider (and moving isn't an option at present)

    So, I see this leaves me with a couple of options:

    Create a CName for autodiscover, pointing to remote.blablabla.com - this probably won't work so well, and I'll get certificate errors

    Just get a UCC cert from certificatesforexchange.com, and ignore the material i'm reading about getting a single name certificate.


    Are there any other options? (and autodiscover, with mobile devices, is a necessity..)
    Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

  • #2
    Re: certificates for SBS2011

    IMHO get a standard Exchange 2010 UCC (SAN) certificate, but use remote.domain.com as the main name

    So:
    remote.domain.com
    autodiscover.domain.com
    server.domain.local (internal FQDN)
    server (internal NetBIOS name)

    If you have 5 names, may as well add mail.domain.com
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: certificates for SBS2011

      Or use mail.domain.com instead of remote.domain.com. I've had to do that more than once when there's been no easy access to the DNS control panel.
      BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
      sigpic
      Cruachan's Blog

      Comment


      • #4
        Re: certificates for SBS2011

        If you haven't already done this, then do the certificate in the usual way through Exchange 2010's SSL wizard, (so autodiscover, server name, server FQDN etc) but after doing the import stage, don't add any services. Then run the SSL wizard in SBS management console and choose to select an existing certificate. You can then choose the one that you have purchased.

        However, if you don't use remote.example.com for the common name, and that was the name you chose in the Connect to the internet wizard, then the certificate will not show up. SBS of course likes to use remote.example.com so I try to stick to that where possible.

        Simon.
        --
        Simon Butler
        Exchange MVP

        Blog: http://blog.sembee.co.uk/
        More Exchange Content: http://exchange.sembee.info/
        Exchange Resources List: http://exbpa.com/
        In the UK? Hire me: http://www.sembee.co.uk/

        Sembee is a registered trademark, used here with permission.

        Comment


        • #5
          Re: certificates for SBS2011

          That's basically how I did it...

          generated the request through sbs console, then used the digicert wizard to generate the CSR code, then created the code, purchased the certificate via sembee (thanks, $6.00 resale bonus for me!) and then bound it via the SBS console

          all working excellently

          will probably have another to do tomorrow
          Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

          Comment


          • #6
            Re: certificates for SBS2011

            See this KB for autodiscover records.
            TIA

            Steven Teiger [SBS-MVP(2003-2009)]
            http://www.wintra.co.il/
            sigpic
            Iím honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

            We donít stop playing because we grow old, we grow old because we stop playing.

            Comment

            Working...
            X