Exchange 2003 to Exchange 2010 coexistence SSL certificate question



UnderCoverGuy -> Exchange 2003 to Exchange 2010 coexistence SSL certificate question (19.Aug.2013 9:07:56 AM)

I'm deploying an Exchange 2010 environment on our network (to co-exist with 2003 for a few months) for our transition (I know, better late than never). Our 2010 deployment has three MBX servers, two HT/CAS servers (in an NLB CAS array) and two EDGE servers. I'm trying to consolidate the URLs as much as possible and I think that I need input on my certificate requirements. Our internal domain is different than our external name and we're using split-DNS internally. I know of the CA changes that are coming November 2015 and we're trying to plan for it now and incorporate it into the 2010 design. We currently have no internal PKI but will implement one at a later date (after Exchange 2010 is in production).

As I mentioned, we need certificates for this deployment and we're thinking (of course) to get a UCC/SAN cert. I know I need one for auto-discover, OWA and the rest (which I think I can combine into one URL) along with Outlook Anywhere using redirection. I also need one name for my legacy OWA (frontend-backend clustered 2003) while 2003 and 2010 coexist. I'm thinking that we'll need one each for the two EDGE servers for TLS (so two total), none for the HT/CAS (also none for the CAS array) and none for the MBX roles either.

As a summary for certificates:
1 (one) combined for auto-discover, OWA, ActiveSync, etc.
1 (one) for legacy Exchange 2003 OWA
1 (one) for EDGE1 for TLS
1 (one) for EDGE2 for TLS
0 (zero) for CAS/HT servers
0 (zero) for CAS array
0 (zero) for MBX servers

Does this seem correct or have I missed anything? Thanks in advance for any input (which is greatly appreciated).

