Exchange 2007 SAN Cert Names?
Are the FQDN's of the HUB and CAS servers required to be in a SAN cert for Exchange 2007? We do not use POP or IMAP.
I know at one time it was recommended to include the FQDN of the HUB and CAS servers. But, now I am seeing it is no longer required.
January 25th, 2012 3:39pm
This depends on your DNS configuration. If you are using split DNS then you only have to put the ExternalUrl names on the certificate. If your InternalUrl on your CAS servers is servername.local then you will need to have those names on the certificate.
No need to have Hubs on the certificate though unless you are doing Mutual TLS connections and you want to use a single cert for everything.
Edit: Have a look here for instructions:
msexchange.org
Free Windows Admin Tool Kit Click here and download it now
January 25th, 2012 3:49pm
I would include the CAS names otherwise you will get prompts for certs with Outook clients. You can always import the self signed or if using CA, but for simplicty include it.Sukh
January 25th, 2012 7:00pm