Wildcard certificate or UCC certificate or standard SSL
Hi,
We would like to confirm which SSL cert we are required to purchase for our Exchange 2010.
The services we are going to apply for SSL:
www.domain.com (external cert)
test.com (for TLS setup, internal cert)
We do not need autodiscover & ActiveSync for the server. For security purposes, our internal & external domains should be different, thus a different SSL cert is required.
FYI, we are running a standalone Exchange server, whereby DC, Hub, CAS and mailstore are running on the same server.
Can we enable internal cert through EMC/EMS and external cert through IIS?
Will purchasing 2 standard SSL certs do?
If you have the same setup on your Exchange, please feel free to give feedback.
Thank You!
March 11th, 2013 10:21am
Hi
Firstly, having different internal and external domain names does nothing to improve security, so if that is the only reason why you plan to do this you might want to reconsider. You can only have 1 certificate per service on a single IP address, so you will need multiple IP addresses and virtual directories on the server to get this bit to work - configuring certificates in EMC/EMS or IIS doesn't make a difference. One more thing (getting all the bad news out the way first) is that running a WWW server and Exchange on the same box will be complicated.
You can get a UC certificate for the Exchange part, but if you want to use that certificate for the WWW too it won't be allowed, so you will need to get a wildcard. If you get a UCC then you will need to include autodiscover on it (or whatever hostname you want to use for this service) as Outlook clients internally need this for configuration information.
Cheers, Steve
March 11th, 2013 11:08am
Hi Steve,
Thanks for the info. Our plan is that we do not want the public to know our main domain. Thus, we will point OWA to another domain. The server will have 2 domains, 1 for OWA and another 1 for autodiscover & TLS.
In that case, do we need a separate SSL cert for TLS? Can we use a UCC for autodiscover & TLS, as a UCC can apply to multiple FQDNs (autodiscover.domain.com)?
Please advise!
March 11th, 2013 12:51pm
Hi
You can have multiple domains on a single UC cert so that wouldn't be a problem and yes you can use the same cert for TLS too.
I've also just noticed that my earlier statement about WWW is not true anymore and UCC providers now allow these names on the certificate, so that might make things less complicated for you. See this example from DigiCert: http://www.digicert.com/unified-communications-ssl-tls.htm.
If you have a preferred provider for certificates you should contact them to see what their policies are, otherwise have a look at these recommended providers: http://support.microsoft.com/kb/929395?wa=wsignin1.0
Cheers, Steve
March 11th, 2013 2:05pm
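
Added example, not part of any post in this thread: a small check of which of the three certificate types in the thread title covers the hostnames mentioned above. The candidate name lists are constructed for illustration, and the wildcard rule is the usual one ("*" replaces exactly one left-most label), simplified.

```python
# Added example: which certificate name sets cover the hostnames in this thread.
# Simplified wildcard rule: "*" is the whole left-most label and stands for
# exactly one label, so *.domain.com covers neither domain.com nor a.b.domain.com.

def name_matches(pattern: str, host: str) -> bool:
    """Return True if one certificate dNSName entry covers the host."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans several labels
    if p[0] == "*":
        # Simplification: refuse wildcards directly under a TLD ("*.com").
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def uncovered(san_entries, required_hosts):
    """Hosts a client would reject because no certificate name matches them."""
    return [host for host in required_hosts
            if not any(name_matches(entry, host) for entry in san_entries)]


# Hostnames taken from the thread.
REQUIRED = ["www.domain.com", "autodiscover.domain.com", "test.com"]

# Constructed candidate certificates (name lists only, no real certificates).
CANDIDATES = {
    "standard": ["www.domain.com"],
    "wildcard": ["*.domain.com"],
    "ucc": ["www.domain.com", "autodiscover.domain.com", "test.com"],
}


def report():
    """Map each candidate certificate to the required hosts it leaves uncovered."""
    return {label: uncovered(names, REQUIRED)
            for label, names in CANDIDATES.items()}


if __name__ == "__main__":
    for label, missing in report().items():
        print(f"{label:10} missing: {', '.join(missing) or 'none'}")
```

A wildcard for one domain still leaves the second domain uncovered, which is why a single UCC listing every hostname is the only one of the three that serves both domains from one certificate.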