Exchange Server Forums
SSL - Subject Alternative Names
SSL - Subject Alternative Names - 31.May2007 10:42:26 AM
derek.sparks
Posts: 9
Joined: 29.May2007
I see in Henrik's book that he mentions that in order to support Outlook Anywhere, OWA, Exchange ActiveSync and Web AutoDiscover, the site needs an SSL cert with subject alternative names. He mentions Entrust.com, Geotrust.com and Verisign, but those certs are $600 a year at least. However, GoDaddy has what they call a WildCard certificate that secures your site and any subdomains as well. Does anyone know if this type of certificate will work to secure all of the Exchange 2007 sites? I hope so....$199 for one year sure beats $600. https://www.godaddy.com/gdshop/ssl/ssl.asp?ci=9173 Cheers!
RE: SSL - Subject Alternative Names - 31.May2007 3:31:15 PM
Henrik Walther
Posts: 6928
Joined: 21.Nov.2002
From: Copenhagen, Denmark
Hi Derek, A wildcard certificate is very different from a SAN certificate. For example, you cannot use the internal hostname of the E2K7 server with a wildcard certificate (if internal and external names are different, which they typically are). But the good thing is we now have one more SAN certificate provider, which offers a SAN certificate with 3 domains included for 200$: http://www.comodo.com/msexchange/ If you require additional domains, you'll then need to pay 30$ per domain. I also think GoDaddy will start issuing these types of certificates pretty soon, since anything else would be plain stupid.
_____________________________
HTH Henrik Walther Lead Moderator/author MSExchange.org
RE: SSL - Subject Alternative Names - 31.May2007 4:58:46 PM
derek.sparks
Posts: 9
Joined: 29.May2007
Exactly what I was looking for. Thanks! Do OWA and EAS require separate SSL certs? I don't plan on using Outlook Anywhere...just OWA and enabling my WM5 users to receive email. Thanks again, Derek
RE: SSL - Subject Alternative Names - 1.Jun.2007 2:36:35 AM
Henrik Walther
Posts: 6928
Joined: 21.Nov.2002
From: Copenhagen, Denmark
Nope, OWA and EAS typically use the same FQDN.
RE: SSL - Subject Alternative Names - 1.Jun.2007 5:34:57 PM
derek.sparks
Posts: 9
Joined: 29.May2007
I looked at Comodo's website...and it looks to be a pretty good value. However, the process they outline to generate a new CSR looks a little difficult.

New-ExchangeCertificate -GenerateRequest -SubjectName "C=GB, O=Comodo, CN=exchange.comodo.com" -IncludeAcceptedDomains -Path c:\exchange.comodo.com.req

My question is, in which flag would you put in the additional names? For example, my Exchange server is named 'email.mydomain.com' and I want to install the certificate for:

email.mydomain.com
owa.mydomain.com
autodiscover.mydomain.com

Oh, and don't try calling Comodo for help. I did a bit earlier and I got a run-around by some guy named Sharice who ended up telling me that IIS and Exchange were the same thing and that I should "...do a search for 'Exchange Management Shell' and then generate the request." Huh? What? So, again, I come to the forums looking for expert help. Many thanks,
RE: SSL - Subject Alternative Names - 1.Jun.2007 6:40:48 PM
derek.sparks
Posts: 9
Joined: 29.May2007
OK...I finally figured it out in case anyone else is looking for this:

New-ExchangeCertificate -GenerateRequest -Path c:\email.mydomain.com.req -SubjectName "c=US, l=Kirkland, s=WA, o=Name of Organization, cn=email.mydomain.com" -DomainName owa.mydomain.com, autodiscover.mydomain.com -PrivateKeyExportable $true

Notice that the first domain name is listed inside the "-SubjectName" after "cn=" and additional domain names are later added after the -DomainName parameter with commas between the additional domain names. You can add as many additional domain names as necessary. Hope this helps. Cheers!
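
Added example, not part of the thread and not code from any poster or from Exchange: a name-coverage check that shows the wildcard versus SAN difference discussed above, so the list of names can be verified before a request is submitted. The function names and the internal host name ex01.corp.local are assumptions made for illustration; the mydomain.com names are the ones used in the thread.

```powershell
# Added example. ex01.corp.local is a constructed internal server name.

function Test-NameCoveredBy {
    # True if $HostName matches one certificate name entry. A wildcard is
    # honoured only as the whole leftmost label and stands for exactly one label.
    param([string]$HostName, [string]$Pattern)
    $h = $HostName.ToLowerInvariant().TrimEnd('.')
    $p = $Pattern.ToLowerInvariant().TrimEnd('.')
    if (-not $p.StartsWith('*.')) { return ($h -eq $p) }
    $suffix = $p.Substring(1)              # "*.mydomain.com" -> ".mydomain.com"
    if (-not $h.EndsWith($suffix, [StringComparison]::Ordinal)) { return $false }
    $left = $h.Substring(0, $h.Length - $suffix.Length)
    # Rejects the bare domain (empty label) and deeper names such as a.b.mydomain.com.
    return ($left.Length -gt 0 -and -not $left.Contains('.'))
}

function Get-UncoveredName {
    # Emits every required name that no entry in $CertNames covers.
    param([string[]]$CertNames, [string[]]$Required)
    foreach ($name in $Required) {
        $hit = $false
        foreach ($entry in $CertNames) {
            if (Test-NameCoveredBy -HostName $name -Pattern $entry) { $hit = $true; break }
        }
        if (-not $hit) { $name }
    }
}

# Names clients will connect to: three external names plus one internal name.
$required = 'email.mydomain.com', 'owa.mydomain.com',
            'autodiscover.mydomain.com', 'ex01.corp.local'

# Candidate 1: a single wildcard entry.
$wildcard = @('*.mydomain.com')

# Candidate 2: a SAN list that names every host explicitly.
$sanList = @('email.mydomain.com', 'owa.mydomain.com',
             'autodiscover.mydomain.com', 'ex01.corp.local')

'Wildcard leaves uncovered: ' + ((Get-UncoveredName $wildcard $required) -join ', ')
'SAN list leaves uncovered: ' + ((Get-UncoveredName $sanList $required) -join ', ')
```

With these constructed inputs the wildcard leaves ex01.corp.local uncovered and the SAN list leaves nothing uncovered. To check an issued certificate, pass the DNS names listed in its Subject Alternative Name extension as $CertNames.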