Hi, Slightly confused over the contents of the SSL certificate, different articles show in the Exchange Certificate request you should have e.g. CAS01.domain... CAS02.domain... Cas01 Cas02 As well as your normal external urls for autodiscover, smtp, owa etc..... The confusion is do you really need cas01 in the SSL SAN certificate as you will already have cas01.domain.... in the Cer request ? Please advise - none of the MS articles explain the need for the FQDN and netbios name being in the Certificate. Thanks all.

Hello, Please refer below article which gives you best practices for Domain Names for a Client Access Server Creating a Certificate or Certificate Request for TLS http://technet.microsoft.com/en-us/library/aa998840(EXCHG.80).aspx

Dear customer: Best Practices for Domain Names for a Client Access Server When you create a certificate or certificate request for a Client Access server, the set of domain names that you should include in the request are as follows: Local or NetBIOS name of the server, for example, owa1 All the accepted domain names for the organization, for example, contoso.com The fully qualified domain name for the server, for example, owa1.contoso.com The Autodiscover domain name for the domain, for example, Autodiscover.contoso.com The load-balance identity of the server if you are using one, for example, owa.contoso.com So the answer for your question depends on your actually need. In other words, if you want to access CAS via netbios name, you should add cas01 in SAN. Hope it helps. If anything is unlear, please feel free to let mw know. Rock Wang - MSFT