Need to implement third-party purchased certificate in Exchange 2010
Earlier we purchased one third-party certificate for Exchange 2010 and made one public domain entry in the certificate: webmail.unionkbc.com.
Now we have taken another ISP with TATA and created another URL, webmail2.unionkbc.com, for accessing mail from outside.
When we are using the TATA ISP we are getting an untrusted certificate error.
July 4th, 2012 8:34am
This is because the certificate is for the address webmail.unionkbc.com and not webmail2.unionkbc.com.
You need to get a certificate which covers both of these web addresses, or get a wildcard certificate for *.unionkbc.com.
July 4th, 2012 8:44am
You mean to say we have to purchase a new certificate with two public domain entries in the certificate?
July 5th, 2012 4:58am
You mean to say we have to purchase a new certificate with two public domain entries in the certificate?
That is correct, because an SSL certificate needs to be an exact match. host.example.com and host2.example.com are not a match so will give an error.
If you are using Exchange 2010 then ideally you should be using a Unified Communications certificate, rather than a standard single name certificate. That is because of the requirements for Exchange to use SSL internally and externally. As well as the common name, it also needs to have autodiscover.example.com as well as the server's internal NETBIOS and FQDN.
If you used a UC certificate then you would be able to add the second common name to the SSL certificate. You can get cheap UC certificates from http://certificatesforexchange.com/ for US$60/year.
I wouldn't recommend a wildcard certificate as that can cause issues with some clients. Furthermore if you are not using the same domain externally as you are internally (for example example.com is your external domain and domain.local is your Windows domain) then it makes configuration more complex for Exchange to use that SSL certificate without errors.
Simon. Simon Butler, Exchange MVP
July 5th, 2012 8:59am
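The name matching discussed in the reply above, as an added example that is not part of the original thread: it checks which of the names an Exchange 2010 server is reached by are covered by a single-name, a wildcard and a UC (SAN) certificate. The internal names `exch01` and `exch01.domain.local` are constructed for illustration, and the matcher is a simplified version of the usual client rule (exact match, with `*` standing for exactly one left-most label).

```python
def name_matches(cert_name: str, host: str) -> bool:
    """Compare one certificate name with the host name the client connected to.

    Case-insensitive exact match, except that '*' as the entire left-most
    label matches exactly one label (so *.example.com does not match
    a.b.example.com or a bare NetBIOS name).
    """
    pattern = cert_name.lower().rstrip(".").split(".")
    labels = host.lower().rstrip(".").split(".")
    if len(pattern) != len(labels):
        return False
    if pattern[0] == "*":
        # Require at least two fixed labels after the wildcard.
        return len(pattern) >= 3 and pattern[1:] == labels[1:]
    return pattern == labels


def uncovered(cert_names, required_hosts):
    """Return the required host names that no name in the certificate matches."""
    return [h for h in required_hosts
            if not any(name_matches(c, h) for c in cert_names)]


# Names clients use to reach the server (internal ones are constructed samples).
REQUIRED = [
    "webmail.example.com",       # first ISP
    "webmail2.example.com",      # second ISP
    "autodiscover.example.com",  # Autodiscover
    "exch01",                    # internal NetBIOS name (assumed)
    "exch01.domain.local",       # internal FQDN (assumed)
]

CERTS = {
    "single-name": ["webmail.example.com"],
    "wildcard": ["*.example.com"],
    "UC/SAN": ["webmail.example.com", "webmail2.example.com",
               "autodiscover.example.com", "exch01", "exch01.domain.local"],
}

if __name__ == "__main__":
    for label, names in CERTS.items():
        missing = uncovered(names, REQUIRED)
        print(f"{label:12} not covered: {missing or 'none'}")
```
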
If I purchase a UC certificate with two common names, example.com and example2.com,
will we face any problem in autodiscovery with two common names (example.com, example2.com) for internal Outlook clients?
July 6th, 2012 12:57am
Hello,
It's recommended by Microsoft to obtain the SAN certificate. Based on my experience, some mobile devices may not support the wildcard certificate.
For more reference about certificate, please see:
http://technet.microsoft.com/en-us/library/dd351044.aspx
Thanks,
Simon
July 6th, 2012 2:25am
So please tell me what is the best way for my environment.
Actually I am using two ISPs.
ISP1 Webmail URL: webmail.example.com Public IP: 114.12.44.50
ISP2 Webmail URL: webmail2.example.com Public IP: 49.58.11.24
Is it possible to redirect webmail.example.com to both public IPs instead of using two different URLs?
July 6th, 2012 3:03am
Most DNS providers will allow you to have more than one A record, so both IP addresses are valid DNS entries for the host name. However DNS does not provide high availability as it has no service awareness. Therefore in the event of one connection going down, traffic will not be 100% reliable.
If you want transparent redundancy then you will need to use an external load balancer, probably located at a data centre, that can detect if a connection is not available and route traffic accordingly.
Simon. Simon Butler, Exchange MVP
July 6th, 2012 11:48am