Exchange 2010 SSL Cert Domains
I am working on building my EX2010 servers and I am to the point of getting an SSL cert. I've looked through all the documentation, How Tos, etc., but I'm still not sure what domains I need (SAN cert). I will have all the regular services available: owa, pop, imap, autodiscover, activesync. Do I really need separate domains for each service? Can I just use mail.mydomain.com for most of them? Is there any technical advantage to having multiple domains or is it just supposed to make administration easier? Here's what I'm thinking so far:
mail.mydomain.com - owa, imap, pop, activesync [available for all users external and internal]
autodiscover.mydomain.com - autodiscover
servername.mydomain.com - internal ssl for clients connecting directly to servername.mydomain.com
servername - internal ssl connections without fqdn
Thanks,
Mike
November 2nd, 2010 6:43pm
Hi,
I normally set it up like you described yourself.
The "advantage" of more domain names is the possibility to split the services up on more servers. For most companies (in Europe at least), having 1 or 2 CAS servers (a CAS array if two or more servers) is enough, so in that case you should be just fine.
/Martin
Exchange is a passion not just a collaboration software.
November 2nd, 2010 6:56pm
Hi Mike,
You should be fine with the above. The only other consideration is if your client will use TLS/SSL encrypted SMTP connections, and if this will be on the same server as the mail.mydomain.com server, or on a different server running the hub transport role.
If it's the latter you may want a name such as smtp.domain.com in addition to the above.
Steve
Steve Goodman
November 3rd, 2010 9:34am
I'll have HUB/CAS on the same server and only on one server (running as a VM)...mailbox server is a second VM. Thanks for your replies!
I'm going with:
mail.mydomain.com - owa, imap, pop, activesync [available for all users external and internal]
autodiscover.mydomain.com - autodiscover
servername.mydomain.com - internal ssl for clients connecting directly to servername.mydomain.com
servername - internal ssl connections without fqdn
Mike
November 3rd, 2010 9:51am
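As an added example (not part of any post in this thread), the following Python check compares the four planned names against a certificate's SAN list and reports which names would trigger a client name-mismatch warning. The SAN lists are constructed for comparison, the hostnames are the placeholders used above, and the matching follows the usual rule that a wildcard covers exactly one left-most label.

```python
# Added example: check which planned client-facing names a SAN list covers.
# Hostnames are the thread's placeholders; the SAN lists are constructed.

def san_matches(san: str, host: str) -> bool:
    """Exact match, or '*' standing for the whole left-most label only."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if san == host:
        return True
    if san.startswith("*."):
        # A wildcard covers exactly one label, so it never matches a bare
        # short name or a deeper subdomain.
        head, _, tail = host.partition(".")
        return bool(head) and tail == san[2:]
    return False

def uncovered(plan: dict, sans: list) -> dict:
    """Return {hostname: [services]} for names that no SAN entry covers."""
    return {host: services for host, services in plan.items()
            if not any(san_matches(s, host) for s in sans)}

# Names from the thread, mapped to the services reached through them.
PLAN = {
    "mail.mydomain.com": ["owa", "imap", "pop", "activesync"],
    "autodiscover.mydomain.com": ["autodiscover"],
    "servername.mydomain.com": ["internal ssl (fqdn)"],
    "servername": ["internal ssl (short name)"],
}

# Constructed SAN lists for comparison.
SAN_FULL = list(PLAN)                 # the four names chosen in the thread
SAN_SINGLE = ["mail.mydomain.com"]    # single-name certificate
SAN_WILDCARD = ["*.mydomain.com"]     # wildcard certificate

if __name__ == "__main__":
    for label, sans in [("four-name SAN", SAN_FULL),
                        ("single name", SAN_SINGLE),
                        ("wildcard", SAN_WILDCARD)]:
        missing = uncovered(PLAN, sans)
        status = "all names covered" if not missing else f"mismatch for {sorted(missing)}"
        print(f"{label}: {status}")
```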