Multiple certificate issues
Hi Guys, I'm trying to figure out how we can have a certificate for local users accessing our Exchange server ("server5") as well as having one for our external Outlook Web Access users ("mail.mydomain.co.uk"). At the moment I've got the SSL for "mail.mydomain.co.uk" set up in "bindings.." for "default website" in IIS (Windows Server Standard 2008). This works great for OWA users, but everyone using Outlook internally to access their mail by connecting to "server5" gets a security alert saying that the names don't match (as the cert is for mail. and we're accessing server5.). It won't allow me to bind multiple certs to port 443 and I'm not sure if I can combine 2 certificates so I'm a bit stuck. Any ideas? Surely this must be a common setup? Thanks, Leigh
August 11th, 2010 11:50am

Version of Exchange? If Exchange 2003 then the usual way round this is to use the external name internally via a split DNS system. http://www.amset.info/netadmin/split-dns.asp The users only need to know one name. I don't think I have ever deployed Exchange and had the users accessing the internal name. For Exchange 2007 or higher, a subject alternative name (aka SAN or UCC) certificate is usually used which will cover both the internal and external name of the server. You could deploy one of those with Exchange 2003, they are more expensive. You would do a regular certificate request, then during the certificate process with your vendor, add the internal name as one of the additional names. Simon.
Simon Butler, Exchange MVP. http://blog.sembee.co.uk , http://exbpa.com/
August 11th, 2010 3:09pm
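
As an added illustration (not part of any poster's reply, and not Exchange or IIS code): a Python example of the name check a TLS client applies, run over the three setups discussed in this thread. The matching function is a simplified RFC 6125-style comparison, and the certificate name lists are constructed from the names the posters use.

```python
# Added example: names and certificate contents mirror the thread;
# nothing here queries a real server.

def _matches(pattern: str, host: str) -> bool:
    """Simplified RFC 6125-style comparison of one certificate name to a host."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        # Wildcard only as the whole left-most label of a name with at
        # least three labels, so it can never cover a bare "server5".
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def mismatched_names(cert_dns_names, client_names):
    """Return the names clients connect to that would raise a mismatch alert."""
    return [name for name in client_names
            if not any(_matches(c, name) for c in cert_dns_names)]


# Constructed certificate contents based on the thread.
SINGLE_NAME_CERT = ["mail.mydomain.co.uk"]
SAN_CERT = ["mail.mydomain.co.uk", "server5"]

# label -> (names in the certificate, names clients actually connect to)
SCENARIOS = {
    "current setup": (SINGLE_NAME_CERT, ["mail.mydomain.co.uk", "server5"]),
    "split DNS": (SINGLE_NAME_CERT, ["mail.mydomain.co.uk"]),
    "SAN/UCC certificate": (SAN_CERT, ["mail.mydomain.co.uk", "server5"]),
}


def report():
    """Map each scenario label to the list of names that would not validate."""
    return {label: mismatched_names(cert, used)
            for label, (cert, used) in SCENARIOS.items()}


if __name__ == "__main__":
    for label, bad in report().items():
        status = "OK" if not bad else "mismatch: " + ", ".join(bad)
        print(f"{label:22} -> {status}")
```

Only the current setup reports a mismatch; either pointing every client at the external name (split DNS) or listing both names in one certificate clears it.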

Thanks for that Simon. It's Exchange 2007, I'll look into getting a SAN then. Is that something we will have to purchase instead of the SSL we bought for the mail. domain, or can we combine the current ones we have into a SAN for free? Thanks, Leigh
August 11th, 2010 6:37pm

You will have to purchase a new SSL certificate that has the ability for SANs. Usually CAs sell single name certs and multi-name certs (most CAs call them UC or UCC certs). You cannot combine multiple single name certs.
Tim Harrington - Catapult Systems - http://HowDoUC.blogspot.com
August 11th, 2010 7:34pm

Thanks. For anyone interested, I went for this one, currently awaiting the cert...
August 13th, 2010 1:52pm

That one will work...have used Comodo for many UC certs.
Tim Harrington - Catapult Systems - http://HowDoUC.blogspot.com
August 13th, 2010 4:23pm
