Fail-over certificate for RPC Anywhere
I have two (2) ISPs for our Exchange e-mail. I have configured the Zone record to also fail-over if one of the ISPs becomes unavailable. Because our self-signed certificate only matches the primary MX record, how can I create and add a second certificate to Outlook 2007? Thank you in advance.
September 16th, 2010 12:44pm

You need to create a certificate that handles all the possible names as subject alternative names. ( UCC Cert) And you should really be using 3rd party certificates as well.
Free Windows Admin Tool Kit Click here and download it now
September 16th, 2010 1:45pm

Hi Techie, I agree with Andy, you should create a certificate that include all the possible names. The best way for you is to get a Multi-Domain certificate from the authority. If anything is unclear, please don’t hesitate to let me know and I will be glad to help. Best Regards, Tyler
September 18th, 2010 10:53am

Hi Techie, I agree with Andy, you should create a certificate that include all the possible names. The best way for you is to get a Multi-Domain certificate from the authority. If anything is unclear, please don’t hesitate to let me know and I will be glad to help. Best Regards, Tyler
Free Windows Admin Tool Kit Click here and download it now
September 18th, 2010 5:51pm

Not so sure that it will be of any help to use a SAN / UC certificate in this case as Andy and Tyler suggest. At least it used to be like this: You need a subject common name for the SAN (of course). This name has to be repeated in the SAN list, and it has to be the first entry. Now, perhaps this issue has been fixed without my knowledge ... (?) Which name should I use as Common Name for my UC certificate? http://exchangepedia.com/blog/2007/08/which-name-should-i-use-as-common-name.html Common Name matters for Outlook Anywhere Certificate (Exchange 2007) http://terenceluk.blogspot.com/2010/07/common-name-matters-for-outlook.htmlMCTS: Messaging | MCSE: S+M | Small Business Specialist
September 19th, 2010 1:58am

Not so sure that it will be of any help to use a SAN / UC certificate in this case as Andy and Tyler suggest. At least it used to be like this: You need a subject common name for the SAN (of course). This name has to be repeated in the SAN list, and it has to be the first entry. That's the name you should use for Outlook Anywhere. Now, perhaps this issue has been fixed without my knowledge ... (?) Which name should I use as Common Name for my UC certificate? http://exchangepedia.com/blog/2007/08/which-name-should-i-use-as-common-name.html Common Name matters for Outlook Anywhere Certificate (Exchange 2007) http://terenceluk.blogspot.com/2010/07/common-name-matters-for-outlook.html MCTS: Messaging | MCSE: S+M | Small Business Specialist
Free Windows Admin Tool Kit Click here and download it now
September 19th, 2010 1:58am

You can mitigate that in a couple of ways: Use a GPO to uncheck the "Only connect to Proxy Servers that have this Principal Name in their certificate" box." Article 961112 Policy Settings Or use Windows 7 as the client.
September 19th, 2010 8:31am

AndyD_: You can mitigate that in a couple of ways: Use a GPO to uncheck the "Only connect to Proxy Servers that have this Principal Name in their certificate" box." Or use Windows 7 as the client. Your are of course completely right. Forgot about disabling mutual authentication (even though I've used that solution myself). But how does Windows 7 solve this issue?MCTS: Messaging | MCSE: S+M | Small Business Specialist
Free Windows Admin Tool Kit Click here and download it now
September 20th, 2010 1:49am

AndyD_: You can mitigate that in a couple of ways: Use a GPO to uncheck the "Only connect to Proxy Servers that have this Principal Name in their certificate" box." Or use Windows 7 as the client. Your are of course completely right. Forgot about disabling mutual authentication (even though I've used that solution myself). But how does Windows 7 solve this issue? MCTS: Messaging | MCSE: S+M | Small Business Specialist Outlook Anywhere on Windows 7 will work against any subject name in the UCC cert - even if mutual auth is checked!
September 20th, 2010 8:46am

Thanks a lot for the info, and I think I'll better leave this thread with my tail between my legs. :-( MCTS: Messaging | MCSE: S+M | Small Business Specialist
Free Windows Admin Tool Kit Click here and download it now
September 20th, 2010 9:33am

Thank you all for the replies. I will work on getting a third party, Mulit-Domain certificate from an authority. Gratefully, Techie Taz
September 23rd, 2010 11:50am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics