Question regarding certificates
Hi everyone,
I have no idea where to post this so here goes.
I have multiple servers in my environment which are going to be requiring certificates from a public CA.
I have:
1 Microsoft Lync Server - 5 SANs required
1 Microsoft Lync Edge Server - 1 SAN required
1 Microsoft Exchange Server - 5 SANs required
1 Microsoft SharePoint Server - 1 SAN required
1 IBM Server - 2 SANs required
1 Microsoft Forefront TMG Server - No SANs for reverse proxy to my Lync Edge server and SharePoint server to allow external access to resources
Among all these I am going to need a certificate to get them all up on the internet. There are 14 SAN names between 2 different domains: one is internal, let's say internaldomain.co.uk, and the other external, let's say domain.com.
As well as these SANs I'm also thinking about adding www.domain.com to the certificate for future usage.
I've noticed GoDaddy do a UC certificate which supports up to 5 domains and 100 SANs. If I buy one of these and put all the SANs onto it, will I be able to use it with all these servers without issue (obviously IBM server discounted as it's nothing to do with me so I don't really mind if it works or not :D)?
As well as this, does it matter what I put as the main subject name or can it just be any one of the SANs?
I know wildcard certs don't work well with Lync so I am not going to be buying one of those.
All these technologies are set up correctly and are currently running with trial certificates which will expire soon or with self-signed certificates from my local certificate authorities. All I want to do is change them to a single certificate from a public certificate authority if possible.
If this is in the wrong place can someone let me know where I need to post it please.
Thanks
CraigNoz
August 11th, 2011 9:12am
You can put all these names in the SAN extension. The only thing you should care about — *all* required names should appear in the SAN extension (including the CN from the Subject field). This is because if the SAN extension appears in the certificate, its Subject field is ignored and the SAN extension is used. In other words, the SAN extension must contain a name from the Subject field too.
My weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com
Windows PKI reference: on TechNet wiki
August 11th, 2011 9:25am
Ok,
So does that mean I can have one name as my main subject name, say www.domain.com, and all the other required names as SANs, and then I can use the certificate for all my requirements?
CraigNoz
August 12th, 2011 4:53am
Yes. But www.domain.com must be added to the SAN extension too.
August 12th, 2011 5:48am
Thanks vadims!
August 12th, 2011 5:49am
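
One way to apply the advice in this thread when generating the request on a Windows server, as an added example that is not part of the original posts: a PowerShell function that writes a certreq.exe request file and always repeats the Subject CN in the SAN extension. The function name, file names and host names are assumptions made for illustration.

```powershell
# Added example (hypothetical function name): build a certreq.exe policy file
# whose SAN extension always contains the Subject CN as well as the other names.
function New-SanRequestInf {
    param(
        [Parameter(Mandatory)] [string]   $CommonName,
        [Parameter(Mandatory)] [string[]] $DnsNames,
        [int] $KeyLength = 2048
    )

    $cn = $CommonName.Trim()

    # CN first, then the remaining names; skip blanks and duplicates.
    # DNS names are case-insensitive, so the comparison ignores case.
    $seen = [System.Collections.Generic.HashSet[string]]::new(
        [System.StringComparer]::OrdinalIgnoreCase)
    $san = @(foreach ($name in @($cn) + $DnsNames) {
        $n = $name.Trim()
        if ($n -and $seen.Add($n)) { $n }
    })

    $lines = @(
        '[Version]'
        'Signature="$Windows NT$"'
        ''
        '[NewRequest]'
        "Subject = `"CN=$cn`""
        "KeyLength = $KeyLength"
        'Exportable = TRUE'      # only needed if the key is installed on several servers
        'MachineKeySet = TRUE'
        'RequestType = PKCS10'
        ''
        '[Extensions]'
        '2.5.29.17 = "{text}"'   # OID of the Subject Alternative Name extension
    )
    $lines += $san | ForEach-Object { "_continue_ = `"dns=$_&`"" }
    $lines -join "`r`n"
}

# Constructed sample names, using the thread's placeholder domains.
$inf = New-SanRequestInf -CommonName 'www.domain.com' -DnsNames @(
    'sip.domain.com', 'mail.domain.com', 'WWW.domain.com',
    'lync01.internaldomain.co.uk')
Set-Content -Path .\san-request.inf -Value $inf -Encoding ASCII

# Create the request to submit to the CA:
# certreq.exe -new .\san-request.inf .\san-request.req
```

The duplicate `WWW.domain.com` entry is dropped, and `www.domain.com` appears both as the Subject CN and as the first `dns=` entry of the SAN extension.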


