What exact names do I need to include in the process of issuing new SSL Certificates used for OWA, Outlook Anywhere and Exchange ActiveSync?
Hello there,

I am about to migrate an existing standard single-server Exchange 2007 SP1 installation on a Windows 2003 box to a new standard single-server Exchange 2007 SP2 installation on a Windows 2008 box, and an existing standard single-server Exchange 2007 SP2 installation on a Windows 2003 box to a new standard single-server Exchange 2010 RTM installation on a Windows 2008 box.

I need some help from you experts regarding what names I need to include in the new SSL Certificates, which will then be installed in the new CAS Servers and replace the expired certificates currently installed in the old CAS Servers. The expired certificates currently installed in the old CAS Servers are Self-Signed using the internal Microsoft CA. Instead, we are planning to buy and install new GoDaddy Multiple Domain SSL Certificates.

The following services and features are currently used and will be used after migration in both installations:
- Internal domain users are enabled for MAPI and OWA
- Some external users use OWA, while some others use the Outlook Anywhere feature

Both internal and external users connect to the same FQDN when using OWA, which corresponds to the external FQDN for the Internet domain (mail.company.com).

Existing Self-Signed SSL Certificates include the following names:
- mail.company.com
- autodiscover.company.com
- company.com
- company.local (which is the local AD domain name)
- exchangeservername.company.local
- exchangeservername

Since we are now going to request and buy new GoDaddy Multiple Domain SSL Certificates (to primarily avoid the administrative task required for external machines not joined to the domain and smartphones to manually import and trust the Self-Signed Certificates), I would like to pinpoint the exact multiple names which need to be secured in our scenario.

At a minimum, I know I need to include the FQDN that people use internally and externally when connecting to OWA and when using the Outlook Anywhere feature (mail.company.com) as well as the name for Autodiscover (autodiscover.company.com).

More specifically, are the base domain and local name (company.com and company.local) also needed? Will I also have to include exchangeservername.company.local and exchangeservername along with the other names?

Thank you very much for your support. Have a great day.

Massimiliano
May 7th, 2010 8:33pm

Hi,

I would include the following names in the UC/SAN certificate:
- mail.company.com (external domain)
- autodiscover.company.com (external)
- exchangeservername.company.local (internal domain)
- exchangeservername (internal use)

Jonas Andersson MCTS: Microsoft Exchange Server 2010, Configuration | MCITP: EMA | MCSE/MCSA Blog: http://www.testlabs.se/blog
May 7th, 2010 9:23pm

Hello Jonas,

thank you very much for your reply. Could you please detail whether exchangeservername.company.local and exchangeservername are also needed for users or devices connecting through OWA, Outlook Anywhere or Exchange ActiveSync, or whether they are needed for internal users only? Maybe they are needed for remote connectivity from "old" Outlook 2003 clients?

Thank you again.

Massimiliano
May 7th, 2010 10:55pm

These are, from what I know, only needed for internal use. Nope, not for Outlook 2003 clients.

Jonas Andersson MCTS: Microsoft Exchange Server 2010, Configuration | MCITP: EMA | MCSE/MCSA Blog: http://www.testlabs.se/blog
May 8th, 2010 1:05am

"More specifically are base domain and local name (company.com and company.local) also needed? Will I also have to include exchangeservername.company.local and exchangeservername along with the other names?"

As long as you've got split DNS such that clients can resolve mail.company.com and autodiscover.company.com internally, you won't need these.

Active Directory, 4th Edition - www.briandesmond.com/ad4/
May 8th, 2010 1:54am

Good point there Brian!

Jonas Andersson MCTS: Microsoft Exchange Server 2010, Configuration | MCITP: EMA | MCSE/MCSA Blog: http://www.testlabs.se/blog
May 8th, 2010 11:41am

Hello Brian,

thank you for your reply. Could you please detail why autodiscover.company.com DNS resolution is also required internally?

Thanks.

Massimiliano
May 11th, 2010 1:57pm

"Hello Brian, thank you for your reply. Could you please detail why autodiscover.company.com DNS resolution is also required internally? Thanks. Massimiliano"

Any non-AD-joined client will use this: Macs, machines in workgroups, etc. Also things like ActiveSync devices on local wifi, etc.

Active Directory, 4th Edition - www.briandesmond.com/ad4/
May 11th, 2010 7:49pm
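
An added example, not part of the original thread: a check that reads the Subject Alternative Name section printed by `openssl x509 -noout -text` and lists the hostnames from this thread that the certificate would not cover, with and without split DNS. The function names are hypothetical, the sample text is constructed, and which names internal clients use in each DNS layout is an assumption taken from the replies above.

```python
import re

# Constructed sample: SAN section as printed by `openssl x509 -noout -text`
# for a certificate carrying only the two external names from this thread.
SAMPLE_OPENSSL_TEXT = """\
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:mail.company.com, DNS:autodiscover.company.com
"""

# Hostnames from the thread. Assumption (following the replies): with split
# DNS every client uses the external names; without it, internal clients
# reach the server by its internal names.
EXTERNAL = ["mail.company.com", "autodiscover.company.com"]
INTERNAL = ["exchangeservername.company.local", "exchangeservername"]


def parse_sans(openssl_text):
    """Return the DNS entries listed under 'Subject Alternative Name'."""
    lines = openssl_text.splitlines()
    for i, line in enumerate(lines):
        if "Subject Alternative Name" in line and i + 1 < len(lines):
            return [m.lower() for m in re.findall(r"DNS:([^,\s]+)", lines[i + 1])]
    return []


def san_matches(san, host):
    """Case-insensitive match; '*' counts only as the whole left-most label."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if san == host:
        return True
    if san.startswith("*."):
        label, _, rest = host.partition(".")
        return bool(label) and rest == san[2:]
    return False


def names_clients_use(split_dns):
    """Hostnames clients present to the CAS in each DNS layout."""
    return EXTERNAL if split_dns else EXTERNAL + INTERNAL


def uncovered(sans, hosts):
    """Hostnames that would trigger a certificate name-mismatch warning."""
    return [h for h in hosts if not any(san_matches(s, h) for s in sans)]


if __name__ == "__main__":
    for split in (True, False):
        print(split, uncovered(parse_sans(SAMPLE_OPENSSL_TEXT), names_clients_use(split)))
```

To audit a certificate returned by the CA, pass the output of `openssl x509 -in <file> -noout -text` to `parse_sans` in place of the sample.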
