Hi We have 2 issues with our cetificates , Running in a Windows server 200R2 environment with Exchange 2010 SP1. We have been using the default certificates . Our error is the name on the certificate does not match the name of the site and we have out of office assistant errors which are obviously linked to Autodiscovery... We have 3 sites with 3 exchange servers with Hub , Cas & Mailbox roles on each one.. The domain name is RBN.local and the MX record is mail.bafokengdevelopment.com .. Our 3 sites are frontend.rbn.local , rbs.rbn.local & rbd.rbn.local I want to buy a SSL cert from Go Daddy and need to know do i need 3 different SSl certs for each site or 1 SSL cert with Subject alternate names on ? Please advise as I dont want to buy a certificate and we keep getting the name does not match error.. I must add that we get 3 certificate errors , One from each client access server so every user gets 3 certificate errors , 1 from frontend , 1 from RBS and 1 from RBD Thanks in advance

You need to buy one single SAN certificate for 3 domain as main DNS name is same "rbn.local"Anil MCC 2011,ITIL V3,MCSA 2003,MCTS 2011, My Blog : http://messagingschool.wordpress.com

Agree with Anil.Gulab | MCITP: Exchange 2010-2007 | Skype: Gulab.Mallah | Blog: www.ExchangeRanger.Blogspot.com

Thanks Guys Please help further So I do the new certificate request and theres quite a bit of info there... under client access server I wont need to put in anything for outlook web app as i already have a go daddy cert and we dont have certificate errors with OWA or do I ? the internal would be frontend.rbn.local , rbd,rbn.local & rbs.rbn.local and the external would be mail.bafokengdevelopment.com Activesync ? what would i put here ? Autodiscover : what would I put in here ? thanks in advance

The wizard puts lots of names in that you don't need. Therefore just populate the top box with your preferred host name and then click next. On the list of names add the following: host.example.com - this is your preferred external host name. Make it the common name autodiscover.example.com - where example.com is the name of your domain AFTER the @ sign. This should also be in your external DNS and pointing to the external IP address of the Exchange server. server.domain.local - this is the FQDN of the server internally. server - this is the NETBIOS name of the server internally. No other names are required in a regular installation. You do not need to have either domain.local or example.com in the certificate. Simon.Simon Butler, Exchange MVP Blog | Exchange Resources | In the UK? Hire Me.

Ok thanks , here is something I left out........ we have 3 different e mail addresses which are @platinumstars.com , @ bafokengsports.com , @bafokengdevelopment.com Will this have any impact on the certificate.. as you mention the name after @ and in our case we have 3 different ones rgds ryan

No impact on the cert, those are SMTP domains.James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

Hi Sembee So i must put and in the order you have written mail.bafokengdevelopment.com autodiscover.rbn.local or autodiscover.mail.bafokengdevelopment.com frontend.rbn.local , rbd.rbn.local and rbs.rbn.local frontend,rbd,rbs Sorry but im just making sure.. Not too much experience with certificates and dont want to mess up just to refresh our domain is rbn.local , 3 sites called frontend , rbd , rbs and our external is mail.bafokengdevelopment.com thanks in advance

Hi, The following two domains names must be added into the certificate: bafokengdevelopment.com rbn.local Depending on your URLs settings and external DNS settings, the following URL can be added into the certificate: mail.bafokengdevelopment.com autodiscover.bafokengdevelopment.com autodiscover.rbn.local frontend.rbn.local rbd.rbn.local rbs.rbn.local Additionally, it is best to add your SMTP domains in the certificate: platinumstars.com bafokengsports.com bafokengdevelopment.com You may use the “New Exchange certificate” in EMC, and select all the service you would like to enable and specify the domain names, included Active Sync, and then use “Add” to add other domain names. The details steps are described in http://blogs.microsoft.co.il/blogs/eldadc/archive/2009/07/15/how-to-configure-exchange-2010-certificate.aspx. For more information, see Microsoft articles below: Certificate Planning http://technet.microsoft.com/en-us/library/dd638104.aspx Best Practices for Domain Names for Internet SMTP http://technet.microsoft.com/en-us/library/aa998840.aspx. Best regards, Fiona LiaoPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Thank you Fiona Info appreciated !