Exchange Server Forums
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
SSL Certificate
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
 Limited time MSExchange.org offer! -- 1.Sep.2008 1:00:00 PM
|
|
TechGenix and SolarWinds have partnered to provide free copies of SolarWinds Exchange Monitor to all visitors who join the MSExchange.org Forums. SolarWinds Exchange Monitor is a handy desktop dashboard that continuously monitors Microsoft Exchange to deliver real-time insight into Exchange services, mail queue sizes, and host server health. Learn more about Exchange Monitor and the free offer!
|
SSL Certificate - 29.Jul.2008 9:42:33 AM
|
|
|
Christof
Posts: 5
Joined: 29.Jul.2008
Status: offline
|
Hi Guys and gals, I am new to the forum, I have been lurking for a while in preparation for my Exchange 2007 SP1 server install. I have seen lots of good stuff already on here.
I have purchased a certificate from Godaddy (very reasonably priced) and was about to request it via IIS but I have since read about SAN certs and requesting via exchange ESM directly. I did have a locally produced certificate, in IIS as part of the install which I have removed.
We have outlook 2007 here and I am about to upgrade to SP1, all I want to do is allow my users to access mail and calendars from home, and internally via Outlook 2007 obviously.
What issues can I expect with using a standard certificate as opposed to the SAN variety. I am new to exchange altogether so appologies if this seems a dum question.
Any help is greatly appreciated.
|
|
|
|
|
RE: SSL Certificate - 29.Jul.2008 3:22:44 PM
|
|
|
Sembee
Posts: 3583
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
|
While you can use Exchange 2007 with a single name certificate, it causes issues with the way that Exchange works, particularly with Outlook 2007. Ideally you should have a SAN certificate so that you can support the multiple names that Exchange and Outlook require to work successfully.
I have written instructions on getting the SAN certificate here: http://www.sembee.co.uk/archive/2008/05/30/78.aspx
However I have also written instructions on the use of a single name certificate here: http://www.amset.info/exchange/singlenamessl.asp
To put is simply, if you are using Outlook 2007 then I would recommend the use of a SAN certificate.
Simon.
_____________________________
Simon Butler,
Exchange MVP
Blog: http://www.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.amset.co.uk/
|
|
|
|
|
RE: SSL Certificate - 29.Jul.2008 3:50:24 PM
|
|
|
Christof
Posts: 5
Joined: 29.Jul.2008
Status: offline
|
Thanks sembee, that looks quite complex but good instructions. I will have a look when I get to work tomorrow.
Christof
|
|
|
|
|
RE: SSL Certificate - 26.Aug.2008 1:45:42 PM
|
|
|
madcow
Posts: 898
Joined: 28.May2001
From: Planet, Earth
Status: offline
|
I read here ....http://www.sembee.co.uk/archive/2008/05/30/78.aspx
What server names would you recommend for a Cluster envoirenment ...
I will have 2 CAS/HUBs on a 2 Node cluster SCC.
Will these be my URLS:
webmail.ourdomain.com
autodiscovery.ourdomain.com
CAS-HUB01.ourdomain.com
CAS-HUB02.ourdomain.com
How do I enter my clsuter nodes here???? Do I add both nodes FQDN name here?
Advise Please.
Thank you
|
|
|
|
|
RE: SSL Certificate - 26.Aug.2008 2:16:27 PM
|
|
|
Sembee
Posts: 3583
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
|
No idea on clustering.
Technically you would need a certificate for each server, most SSL providers only supply a certificate for one physical server. Therefore each certificate would have the server's real name in it, along with the additional names that you are using publicly.
Simon.
_____________________________
Simon Butler,
Exchange MVP
Blog: http://www.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.amset.co.uk/
|
|
|
|
|
RE: SSL Certificate - 26.Aug.2008 2:19:06 PM
|
|
|
madcow
Posts: 898
Joined: 28.May2001
From: Planet, Earth
Status: offline
|
Simon Thank you for your response.
Or may be I dont need a cert for them as they are really BEnds????
lets say if we need certs then I would need 2 certs ...one for each node and then a third one ...for the virtual name of the cluster?????? getting confusing ...
< Message edited by madcow -- 26.Aug.2008 2:27:26 PM >
|
|
|
|
|
RE: SSL Certificate - 26.Aug.2008 2:31:15 PM
|
|
|
Sembee
Posts: 3583
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
|
If it is CAS then it needs a certificate.
If the CAS role is not installed then it doesn't need a certificate.
Simon.
_____________________________
Simon Butler,
Exchange MVP
Blog: http://www.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.amset.co.uk/
|
|
|
|
|
RE: SSL Certificate - 26.Aug.2008 3:12:06 PM
|
|
|
madcow
Posts: 898
Joined: 28.May2001
From: Planet, Earth
Status: offline
|
Thanks Simon for your response. So from what you have stated based on that ....I dont need a cert bcos those are just mailbox clustered nodes only???
I am not sure ... I need to confirm this ... I think we need to add the VirtualCluster.ourdomain.com name in?????
Ofcourse the Certs will be needed on the CASs/HUBs.
< Message edited by madcow -- 26.Aug.2008 3:43:56 PM >
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
