Exchange 2010 SSL Cert Domains (Network Steve Forum)

Exchange 2010 SSL Cert Domains

I am working on building my EX2010 servers and I am to the point of getting an SSL cert. I've looked through all the documentation, How Tos, etc., but I'm still not sure what domains I need (SAN cert). I will have all the regular services available: owa, pop, imap, autodiscover, activesync. Do I really need separate domains for each service? Can I just use mail.mydomain.com for most of them? Is there any technical advantage to having mutliple domains or is it just supposed to make administration easier? Here's what I'm thinking so far: mail.mydomain.com - owa, imap, pop, activesync [available for all users external and internal] autodiscover.mydomain.com - autodiscover servername.mydomain.com - internal ssl for clients connecting directly to servername.mydomain.com servername - internal ssl connections without fqdn Thanks, Mike

November 2nd, 2010 6:43pm

Hi, I normally set it up like you described yourself. The "advantage" of more domain names is the possibility to split the services up on more servers. For the most companies (in europe at least) having 1 or 2 CAS servers (CAS array if two or more servers) is enough so in that case you should be just fine. /MartinExchange is a passion not just a collaboration software.

Free Windows Admin Tool Kit Click here and download it now

November 2nd, 2010 6:56pm

Hi Mike, You should be fine with the above. The only other consideration is if your client will use TLS/SSL encrypted SMTP connections, and if this will be on the same server as the mail.mydomain.com server, or on a different server running the hub transport role. If it's the latter you may want a name such as smtp.domain.com in addition to the above. SteveSteve Goodman Check out my Blog for more Exchange info or find me on Twitter

November 3rd, 2010 9:34am

I'll have HUB/CAS on the same server and only on one server (running as a VM)...mailbox server is a second VM. Thanks for your replies! I'm going with: mail.mydomain.com - owa, imap, pop, activesync [available for all users external and internal] autodiscover.mydomain.com - autodiscover servername.mydomain.com - internal ssl for clients connecting directly to servername.mydomain.com servername - internal ssl connections without fqdn Mike

Free Windows Admin Tool Kit Click here and download it now

November 3rd, 2010 9:51am

This topic is archived. No further replies will be accepted.