Question : SAN SSL certificates for Exchange 2010


Hi everyone,

I'm just wondering as to why I should keep both CAS server name and CAS servername.mydomain.com into the third party SSL certificates.  We're running Exchange 2007 server.  But we're about to upgrade to Exchange 2010 so Is it required to keep the server name et the server name + domain name on Exchange 2010 ?  Thanks

Here is the current SAN certificate:
"mydomain.com
"s2008excas01
"s2008excas02
"s2008excas03
"s2008excas01.mydomain.com
"s2008excas02.mydomain.com
"s2008excas03.mydomain.com
"autodiscover.mydomain.com

Answer : SAN SSL certificates for Exchange 2010

It shows that you have more that 1 CAS server... are the CAS servers in the same site?
If yes then are they in any kind of NLB?

You actually do not require to keep the names of all the CAS servers in the SAN certificate. It depends how you have configured the internal Autodiscover.

If you have modified the SCP (Service connection point) of the autodiscover service internally and set it to a particular CAS server, then OL will connect to only that server and you require only that servers name/fqdn in the SAN certificate.
By default, the SCP is set to the name of the First CAS server installed in the organisation.

In your scenario, it would be best recommended that you set the SCP to the NLB fqdn and modify all the internal URL's as well. That way you only require the name of the NLB/FQDN of NLB in the certificate rather than the CAS servers. This would only apply if you have the CAS in any kind of NLB.

Let us know how it goes.
Random Solutions  
 
programming4us programming4us