Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Getting my first SSL Cert for OWA and ActiveSync.

Status
Not open for further replies.
Pablonhd

Pablonhd

IS-IT--Management
Nov 1, 2010
36
CA
When using New-ExchangeCertificate do I need to generate the request to inclued all the names for my server or only the public names?

For example from the web my server is mail.sub.domain.com but NAT's internally to my server is exchange.sub.domain.com. I know this is odd but I inheirited this configuration.

To date we have had no servces accessiable from the web. MX servers on the main domain handle all inbound email and hand it off you our sub domain's exchange server.

We are looking at allowing OWA and ActiveSync and to do so we want a SSL cert that is not self singed.

My question is would the ssl cert request need to cover the external name and the internal name for my server? Or do i only use the external names to cover the external access and continue to use the self signed cert for interal services accessing the internal name?

If this is a stupid question please go easy on me as this is new territory for me.
 
Sort by date Sort by votes
So, if your OWA address is going to be then that name (mail.sub.domain.com) needs to appear in your cert.

You also need to account for autodiscover to support EAS mobile devices. So figure out what your autodiscover name is going to be. Likely something like autodiscover.sub.domain.com, and include that.

If you have users using OWA internally, and you're NOT using split brain DNS, then you need to include that URI - something like mail.sub.domain.local. I always use split brain DNS, so I never have internal names in externally facing certificates.

If you're using a single Exchange server (Hub and CAS roles combined), then you probably want to include your MX records if they are different than your OWA address. That way, the server can support TLS to the outside world for SMTP.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

microsGuy16
  • Locked
  • Question
Global Address List Names not showing in Outlook OWA 365
Replies
0
Views
2K
microsGuy16
microsGuy16
ponoodle
  • Locked
  • Question
Disabling OWA for on prem Exchange while in a hybrid envirenment.
Replies
0
Views
1K
ponoodle
ponoodle
stanlyn
  • Locked
  • Question
How to do Certificates on MultiDomain Exchange with Least Cost
Replies
1
Views
1K
Wesaf
Wesaf
david jackson
  • Locked
  • Question
Extract only the subject and recipients from a mailbox
Replies
0
Views
1K
david jackson
david jackson
Rohit Bareja
  • Locked
  • Question
View and access only own records, and not the records by others on SharePoint.
Replies
3
Views
1K
garysm
garysm

Part and Inventory Search

Sponsor

Back
Top