Sign in with
Sign up | Sign in
Your question

Microsoft Exchange: Multiple SSLs?

Tags:
  • VIA
  • Certificate
  • Exchange
  • Exchange Server
  • Business Computing
  • SSL
Last response: in Business Computing
Share
August 31, 2014 3:40:52 PM

Hi,

I have a Exchange Server 2010 setup. OWA is setup and I just setup Autodiscover. Both features are accessed via different subdomains- mail.example.com for OWA/SMTP/POP and autodiscover.example.com for Autodiscover. Both services are setup on a single Exchange server and both subdomains have their own valid SSL certificate.

It seems that I can only pick one certificate for the server to use... which would result in the other subdomain displaying an invalid SSL certificate. I can't really tell everyone to use autodiscover.example.com for accessing the Exchange server because mail.example.com has already been setup on mobile devices, etc.

So... is there any way I can setup the server to somehow use the autodiscover.example.com certificate for Autodiscover and mail.example.com for OWA?

Thanks for the help! It really is appreciated.

Sam

Edit: Or is my only option to purchase a Wildcard SSL?

More about : microsoft exchange multiple ssls

September 2, 2014 2:20:15 PM

There is a specialized SSL cert called a UCC cert. It is used when you want to use one SSL cert to cover multiple domain names; these different domain names are also called Subject Alternative Names or SAN. They can be the same root domain but with different hosts/subdomains, or it can be entirely different domain names. A UCC cert can be created with a specific number of SANs to support. An example of names that you could use with a single UCC cert would be "exchange.example.com, autodiscover.example.com, backup.mail.com, frontend.example.com". These certs are great for Exchange, wherein often you have multiple SANs, and they are also great when you want to use a specific name.

A wildcard cert will cover any host/subdomain name with the same root domain. They don't have specific names, though. Basically they will look like "*.example.com" (note the leading asterisk). Typically they are more expensive than UCC certs.

All you need is a UCC cert. You can get them from almost any reputable SSL provider. You can simply create your cert request with multiple SANs for Exchange, purchase & key your UCC cert, install the newly issued cert on your front-end server, and everything will be properly secured.
m
0
l
!