SSL SAN Server Name
Hi, Why do i need SAN3 below for my exchange 2010 SP1 SSL? My understanding is that i would only need SAN1 and SAN2. Could someone please enlighten me with an explanation? SAN1: mail.mycompany.com SAN2: autodiscover.mycompany.com SAN3: servername.mycompany.local
May 16th, 2012 2:06am

The third one (SAN3) is for internal connections ..Domain name you use to access outlook web app internally. u likely do not need all of those domains in the cert, it's upto you but it's always best practice to add that as well. Only those that are used for SSL-secured web services (eg OWA) and are used as primary SMTP addresses for mailbox users (ie for Autodiscover to work for them). Digicert publishes some good advice on how to work out which domains and names to include in your SAN cert here: http://www.digicert.com/ssl-support/...-san-names.htm Thanks
Free Windows Admin Tool Kit Click here and download it now
May 16th, 2012 10:07am

By default, Outlook clients will use server.domain.local for Autodiscover. You will find most people (myself included) will recommend both the FQDN and the NETBIOS name. Microsoft also want to put in the root of the domain, but I don't do that myself as I think the root of the domain should be pointing to the public web site. If you are running the UM role you will need to have the FQDN of the server included as well, otherwise UM will not use it and will generate its own certificate. With the SSL provider I use ( https://certificatesforexchange.com/ ) whether I have three or four names doesn't matter, as they sell the unified communications certificates in blocks of five names. If you don't want to include the internal names then you will have to modify the configuration of Exchange to use the public name and have a split DNS system so that the public name resolves internally to Exchange. SSL is not just for external OWA any longer, it is used for all communication, both internally and externally between Exchange and Outlook 2007 and higher. Simon. Simon Butler, Exchange MVP Blog | Exchange Resources | In the UK? Hire Me.
May 16th, 2012 7:31pm

Hello, For more reference: More on Exchange 2007 and certificates - with real world scenario http://blogs.technet.com/b/exchange/archive/2007/07/02/3403301.aspx Thanks, Simon
Free Windows Admin Tool Kit Click here and download it now
May 16th, 2012 10:57pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics