So I bought a GoDaddy UCC and submitted the CSR and got the cert, but now I'm wondering if I did it correctly, and will it matter.
Let's suppose my mail FQDN for external clients is mail.external.com, the Exchange server's AD name is server02.internal.com. Currently both OWA and ActiveSync use mail.external.com for access to my old Exchange 2k3 server.
Will that work as is, or should I rekey to have the common name be mail.external.com and add the external.com to the SAN list?
Should I add internal.com to the SAN list, or should anything else be added to it?
I only bought a 5 name cert, so I can only add 1 more name. And this is obviously new to me, as we only used basic on the 2003 server
Oh, one more thing - key size. I see in Henrick's tutorial about third party SAN certs and most other places that key size is 1024, but by default it looks like GoDaddy issues 2048, does it matter? Should I specify -KeySize 1024 in my CSR?
< Message edited by Manning -- 20.Jul.2011 10:54:15 AM >
It should work as you listed all the entries. But why did you set the common name to external.com and not mail.external.com?
But you can simply try it by installing the cert and check if everything works ok.
Regards, Johan
Johan,
I didn't recall doing that on purpose, but when I looked at the cert properties on the server it shows up that way for some reason. Same when I look at the properties via my account on GoDaddy. I thought I had made a mistake creating the CSR, so I tried re-keying it earlier today and when I got the new cert it came through the same way as before, with external.com as the CN instead of mail.external.com.
Generated a thumbprint and submitted it and got exactly the same key back, with the CN being external.com instead of mail.external.com. Basically the only differences were the date and serial number.
Hi Michael,
Your way of creating the cert looks ok. I would contact GoDaddy support to ask them if this is their standard procedure. When looking at their FAQ site you would expect the CN you are providing in the CSR is used:
Well, it appears once it is created, the CN can't be changed. I must have misplaced something in the original CSR, hence the switched CN. Oh well, as long as it still works.
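
An added example, not part of the thread: a sketch of the hostname check a client following RFC 6125 performs, run over the names discussed above to show which ones a certificate with CN external.com still covers. The SAN list (including the `autodiscover` entry) and all function names are assumptions made for illustration; a client that reads only the CN would behave differently.

```python
# Added example: RFC 6125-style name check over constructed certificate names.
# The thread does not show the certificate's actual SAN entries.

def _name_match(presented: str, host: str) -> bool:
    """Compare one presented DNS name with a hostname, case-insensitively.
    '*' is honoured only as the whole left-most label and covers one label."""
    p = presented.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse over-broad wildcards such as "*.com".
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_covers(host, common_name, san_dns):
    """Return the certificate name that authorises `host`, or None.
    When any SAN dNSName is present only the SAN list is consulted;
    the subject CN is a fallback for certificates without a SAN."""
    candidates = san_dns if san_dns else [common_name]
    for name in candidates:
        if _name_match(name, host):
            return name
    return None


def audit(required_hosts, common_name, san_dns):
    """Map each hostname clients will use to the name that covers it."""
    return {h: cert_covers(h, common_name, san_dns) for h in required_hosts}


# Constructed sample mirroring the thread: CN came back as external.com.
CN = "external.com"
SAN = ["external.com", "mail.external.com",
       "autodiscover.external.com", "server02.internal.com"]
# Names clients would connect to; the short NetBIOS-style name is hypothetical.
REQUIRED = ["mail.external.com", "server02.internal.com", "server02"]

if __name__ == "__main__":
    for host, matched in audit(REQUIRED, CN, SAN).items():
        print(f"{host:28} {'covered by ' + matched if matched else 'NOT COVERED'}")
```
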