SSL and Exchange

PR. · 20 May 2010 at 22:58

Bit of a long shot...

I'm rolling out Exchange 2010 and I'm having a problems with SSL certificates. As I'm upgrading from 2003 we currently only have the one certificate. However 2010 requires pretty much one for everything!

I'm seeing an error on my test clients because the servers internal domain name doesn't have a proper SSL! That means I have to have an SSL for the external domain name and another for every internal server name, and another for the FQDN of every internal server?

I was looking at Godaddy for SSL Certificates - http://www.godaddy.com/ssl/ssl-certificates.aspx?ci=9039 would an unlimited sub-domains SSL cover this?

This is what I guess I'd need to order?
mail.company.com (external owa)
servername (internal server name x10 exchange sites)
servername.company.com (fully qualified internal domain name x10 exchange sites)

Has anyone else deployed 2010 or even 2007 and had to go through this?

Thanks

PR. · 21 May 2010 at 07:45

Cheers for that I'll give it a go today.

PR. · 21 May 2010 at 12:37

Think I'm going to have to go with a new certificate. I've set up an internal CA and created a certificate but you can only assign the Exchange IIS process to the Internal OR the External certificate, so either way one doesn't work.

Thanks anyway!

PR. · 22 May 2010 at 00:46

We bought a wildcard ssl cert in the end, cost £124 (with a £30 promo code) but we can basically cancel a bunch of other certs we've been paying for years, so we're still going to save money.

Installed fine and internal and external connections are working perfectly.

PR. · 9 Jun 2010 at 13:53

But won't an internally created certificate only work for internal computers? We have home users via OWA and iPhones using ActiveSync and we don't want constant SSL certificate warnings.

Had no major problems with the upgrade to 2010 from 2003. If anyone is doing the same thing and has users running Outlook 2003 or less you'll need to enable encryption on the account settings, otherwise 2010 will reject the client and they won't connect (Had a few hours of fun trying to work out why some users couldn't connect...)

One server down, 9 to go!!