Fqdn & Netbios in certificats ?

hello there

we are planning to migrate from 2010 to 2013. we would like to use the exchange certificate in place on 2010 servers

so simple question : should i put fqdn and netbios names  of exchange 2013 in certificate ? in case not we can use exchange 2010 certificat :)

i have seen many companies doing that but i dont know why, especially when you use split DNS and internalurl = externalurl

thank

regards

May 28th, 2015 4:29pm

hello there

we are planning to migrate from 2010 to 2013. we would like to use the exchange certificate in place on 2010 servers

so simple question : should i put fqdn and netbios names  of exchange 2013 in certificate ? in case not we can use exchange 2010 certificat :)

i have seen many companies doing that but i dont know why, especially when you use split DNS and internalurl = externalurl

thank

regards

All you need are the hostnames of the URLs that clients will connect to in the cert subject name fields.

Typically that is a load balanced URL hostname and not the specific server FQDN and not the NetBIOS name.

Free Windows Admin Tool Kit Click here and download it now
May 28th, 2015 7:58pm

Hi zouzou,

Thank you for your question.

The Exchange just use FQDN in certificate. About NetBIOS, we could refer  to the bottom at the following link

https://technet.microsoft.com/en-us/library/bb663572%28v=office.12%29.aspx

If there are any questions regarding this issue, please be free to let me know.

Best Regard,

Jim

May 29th, 2015 3:17am

http://exchangeserverpro.com/exchange-server-2010-2013-migration-configuring-ssl-certificates/


  1. Create new local DNS zone with Company.com and create just one host A record (Mail.company.com) that point to NLB VIP
  2. Change all internal and external URLs to be Https://Mail.company.com/OWA, /ECP.... etc.
  3. Change Exchange web services to be Https://Mail.company.com/EWS/Exchange.asmx
  4. Change Autodiscover URLs and URI to be Https://mail.company.com/

you must have at least two SANs (Autodiscover.company.com and Mail.company.com)


Free Windows Admin Tool Kit Click here and download it now
May 29th, 2015 7:10am

hi all,

i do appreciate your contributions. thanks a lot

So, i Only care FQDN of exchange services in certificats such as mail.mycompany.com, autodiscover.mycompany.com; mail-internal.mycompany.com...

i dont mind 8 servers names such as :

FQDN : server1.mycompany.com, server2.mycompany.com... => i dont care

Netbios : server1, server2... => i dont care

Thanks

May 31st, 2015 12:48pm

hi all,

i do appreciate your contributions. thanks a lot

So, i Only care FQDN of exchange services in certificats such as mail.mycompany.com, autodiscover.mycompany.com; mail-internal.mycompany.com...

i dont mind 8 servers names such as :

FQDN : server1.mycompany.com, server2.mycompany.com... => i dont care

Netbios : server1, server2... => i dont care

Thanks

Yes. You only care about FQDNs that clients will use to connect to the servers. If you want to connect directly to a specific server to test, you just ignore the cert mismatch error.
Free Windows Admin Tool Kit Click here and download it now
May 31st, 2015 2:10pm

Hi ,

I agree with Andy.

By you said:

FQDN : server1.mycompany.com, server2.mycompany.com... => i dont care

Netbios : server1, server2... => i dont care

You should care FQDN.

If there are any questions regarding this issue, please be free to let me know.

Best Regard,

Jim

June 2nd, 2015 4:03am

why should i care server FQDN ??

dont get me wrong, of course i do care FQDN of exchange services

FQDN of owa, FQDN of asyn, oab and and so on...

but i do not understand why i should i care of server1.mycompany.local, server2.mycompany.local...server8.mycompany.local

users wont deal with exchanges server FQDN only services provides by exchange servers right ? 


  • Edited by zouzouf95 12 hours 14 minutes ago
Free Windows Admin Tool Kit Click here and download it now
June 2nd, 2015 3:14pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics