Need to implement third-party purchased certificate in Exchange 2010
Earlier we purchased one third-party certificate for Exchange 2010 and made one public domain entry in the certificate, webmail.unionkbc.com. Now we have taken another ISP, TATA, and created another URL, webmail2.unionkbc.com, for accessing mail from outside. When we are using the TATA ISP we are getting an untrusted certificate error.
July 4th, 2012 8:34am

This is because the certificate is for the address webmail.unionkbc.com and not webmail2.unionkbc.com. You need to get a certificate which covers both of these web addresses, or get a wildcard certificate for *.unionkbc.com.
July 4th, 2012 8:44am

You mean to say we have to purchase a new certificate with two public domain entries in the certificate?
July 5th, 2012 4:58am

"You mean to say we have to purchase a new certificate with two public domain entries in the certificate?"

That is correct, because an SSL certificate needs to be an exact match. host.example.com and host2.example.com are not a match so will give an error.

If you are using Exchange 2010 then ideally you should be using a Unified Communications certificate, rather than a standard single name certificate. That is because of the requirements for Exchange to use SSL internally and externally. As well as the common name, it also needs to have autodiscover.example.com as well as the server's internal NETBIOS and FQDN. If you used a UC certificate then you would be able to add the second common name to the SSL certificate. You can get cheap UC certificates from http://certificatesforexchange.com/ for US$60/year.

I wouldn't recommend a wildcard certificate as that can cause issues with some clients. Furthermore, if you are not using the same domain externally as you are internally (for example example.com is your external domain and domain.local is your Windows domain) then it makes configuration more complex for Exchange to use that SSL certificate without errors.

Simon.
Simon Butler, Exchange MVP Blog | Exchange Resources | In the UK? Hire Me.
July 5th, 2012 8:59am
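Added example (not part of the thread): a Python check of which names an Exchange server must answer to are missing from a certificate, illustrating the exact-match rule and the wildcard limits described in the reply above. The certificates are constructed sample data in the dict shape returned by `ssl.SSLSocket.getpeercert()`; `autodiscover.unionkbc.com`, `exch01` and `exch01.domain.local` are assumed names, not taken from the poster's environment.

```python
# Added example: report which required host names a certificate's SAN list
# fails to cover. All certificate dicts are constructed sample data; the
# autodiscover and internal server names are hypothetical.

def san_dns_names(cert):
    """Return the lower-cased DNS entries from a getpeercert()-style dict."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(pattern, host):
    """Compare one certificate name with one host name, label by label.

    A wildcard is honoured only as the whole left-most label and stands for
    exactly one label: *.unionkbc.com covers webmail2.unionkbc.com but not
    unionkbc.com or a.b.unionkbc.com.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return h[0] != "" and p[1:] == h[1:]
    return p == h

def uncovered(cert, required_hosts):
    """List the required hosts that no SAN entry in the certificate matches."""
    names = san_dns_names(cert)
    return [r for r in required_hosts
            if not any(name_matches(n, r) for n in names)]

# Names clients use: both external URLs, Autodiscover, internal NETBIOS and FQDN.
REQUIRED = ["webmail.unionkbc.com", "webmail2.unionkbc.com",
            "autodiscover.unionkbc.com", "exch01", "exch01.domain.local"]

SINGLE = {"subjectAltName": (("DNS", "webmail.unionkbc.com"),)}
WILDCARD = {"subjectAltName": (("DNS", "*.unionkbc.com"),)}
UC = {"subjectAltName": tuple(("DNS", n) for n in REQUIRED)}

if __name__ == "__main__":
    for label, cert in (("single", SINGLE), ("wildcard", WILDCARD), ("UC", UC)):
        print(label, "->", uncovered(cert, REQUIRED) or "all names covered")
```

The wildcard certificate still leaves the internal NETBIOS name and the domain.local FQDN uncovered, which is the extra configuration burden mentioned for split internal and external domains.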

If I purchase a UC certificate with two common names, example.com and example2.com, will we face any problem in autodiscovery with two common names (example.com, example2.com) for internal Outlook clients?
July 6th, 2012 12:57am

Hello,

It's recommended by Microsoft to obtain the SAN certificate. Based on my experience, some mobile devices may not support the wildcard certificate.

For more reference about certificates, please see: http://technet.microsoft.com/en-us/library/dd351044.aspx

Thanks,
Simon
July 6th, 2012 2:25am

So please tell me what is the best way for my environment. Actually I am using two ISPs.

ISP1 Webmail URL: webmail.example.com Public IP: 114.12.44.50
ISP2 Webmail URL: webmail2.example.com Public IP: 49.58.11.24

Is it possible to redirect webmail.example.com to both public IPs instead of using two different URLs?
July 6th, 2012 3:03am

Most DNS providers will allow you to have more than one A record, so both IP addresses are valid DNS entries for the host name. However DNS does not provide high availability as it has no service awareness. Therefore in the event of one connection going down, traffic will not be 100% reliable.

If you want transparent redundancy then you will need to use an external load balancer, probably located at a data centre, that can detect if a connection is not available and route traffic accordingly.

Simon.
Simon Butler, Exchange MVP Blog | Exchange Resources | In the UK? Hire Me.
July 6th, 2012 11:48am

This topic is archived. No further replies will be accepted.