SSL Cert Request for multiple internet facing CAS
Hi,
Slightly confused over the contents of the SSL certificate, different articles show in the Exchange Certificate request you should have e.g.
CAS01.domain...
CAS02.domain...
Cas01
Cas02
As well as your normal external urls for autodiscover, smtp, owa etc.....
The confusion is do you really need cas01 in the SSL SAN certificate as you will already have cas01.domain.... in the Cer request ?
Please advise - none of the MS articles explain the need for the FQDN and netbios name being in the Certificate.
Thanks all.
November 5th, 2008 8:19pm
Hello,
Please refer below article which gives you best practices for Domain Names for a Client Access Server
Creating a Certificate or Certificate Request for TLS
http://technet.microsoft.com/en-us/library/aa998840(EXCHG.80).aspx
Free Windows Admin Tool Kit Click here and download it now
November 5th, 2008 8:30pm
Dear customer:
Best Practices for Domain Names for a Client Access Server
When you create a certificate or certificate request for a Client Access server, the set of domain names that you should include in the request are as follows:
Local or NetBIOS name of the server, for example, owa1
All the accepted domain names for the organization, for example, contoso.com
The fully qualified domain name for the server, for example, owa1.contoso.com
The Autodiscover domain name for the domain, for example, Autodiscover.contoso.com
The load-balance identity of the server if you are using one, for example, owa.contoso.com
So the answer for your question depends on your actually need. In other words, if you want to access CAS via netbios name, you should add cas01 in SAN.
Hope it helps. If anything is unlear, please feel free to let mw know.
Rock Wang - MSFT
November 6th, 2008 6:15am