What SAN names to include in UCC certificate?
I am so confused about these UCC certificates that I need to buy for Exchange Server 2007. I have spent the last 3 weeks reading up on SSL certificates and also the autodiscover service for Exchange 2007. I just need somebody to give me a straight answer to my question.

I have the following scenario:

domain.com = the domain that the Exchange server is part of.
exchsrv.domain.com = the name of the Exchange server.
hostingdomain1.co.za = this is a company that I will be hosting emails for.
hostingdomain2.co.za = this is a second company that I will be hosting emails for.

My question is: What names must be in the UCC certificate?

Information to help you:

domain.com has no internal users.
hostingdomain1 and hostingdomain2 have only external users that will make use of Outlook Anywhere.
hostingdomain1 and hostingdomain2 are separate companies.

Thanks in advance for your replies.
November 20th, 2009 2:35pm

Hi there,

Take note of this Exchange Team blog: "Exchange 2007 lessons learned - generating a certificate with a 3rd party CA" http://msexchangeteam.com/archive/2007/02/19/435472.aspx

To sum it up:

autodiscover record
pop3 record (if you want to support it)
imap4 records (if you want to support it)
smtp record (to support SMTP over TLS)
outlook web access record (will be the same record used for Outlook Anywhere)

Because you are hosting, you need to decide whether you are giving your hosted companies their own records, or whether they will share a single unified namespace. Example: can the companies all connect to domain.com for Exchange services, or must they connect to hostingdomainx.co.za, where x is the customer number?

Note that if you are using a single unified namespace, then follow this article to set up autodiscover successfully for all hosted clients: "Configuring Outlook Anywhere to Use an SSL Certificate with Redirection" http://technet.microsoft.com/en-us/library/bb310764.aspx

Does this help give you a better understanding?

Oliver
Oliver Moazzezi | Exchange MVP, MCSA:M, MCTS:Exchange 2010, BA (Hons) Anim | http://www.exchange2007.com | http://www.exchange2010.com | http://www.cobweb.com
November 20th, 2009 3:53pm

Thanks for the reply, Oliver.

Sorry if I didn't make it clear enough. The two companies will have their own host A records pointing to that Exchange server. And the two companies will use the domain.com user account details to log on, for example domain.com\username. The companies will not make any use of POP3 or IMAP4, just RPC over HTTP (OA).

I was looking for someone that can give me the SAN names for the certificate, something like this:

mail.hostingdomain1.co.za = OWA and URL for OA
mail.hostingdomain2.co.za = OWA and URL for OA
autodiscover.hostingdomain1.co.za = autodiscover service
autodiscover.hostingdomain2.co.za = autodiscover service

Now this is where I get confused: do I need to add the following names as well?

hostingdomain1.co.za
hostingdomain2.co.za
domain.com
exchsrv.domain.com
November 20th, 2009 4:23pm

Why don't you go ahead with a wildcard certificate like *.domain.com? Hopefully this will take care of all the URLs in IIS.

Raj
November 20th, 2009 4:42pm

> Why don't you go ahead with a wildcard certificate like *.domain.com? Hopefully this will take care of all the URLs in IIS.
> Raj

A wildcard cannot have multiple TLDs - won't work in this instance.

Oliver
Oliver Moazzezi | Exchange MVP, MCSA:M, MCTS:Exchange 2010, BA (Hons) Anim | http://www.exchange2007.com | http://www.exchange2010.com | http://www.cobweb.com
November 20th, 2009 5:21pm

> Thanks for the reply, Oliver.
>
> Sorry if I didn't make it clear enough. The two companies will have their own host A records pointing to that Exchange server. And the two companies will use the domain.com user account details to log on, for example domain.com\username. The companies will not make any use of POP3 or IMAP4, just RPC over HTTP (OA).
>
> I was looking for someone that can give me the SAN names for the certificate, something like this:
>
> mail.hostingdomain1.co.za = OWA and URL for OA
> mail.hostingdomain2.co.za = OWA and URL for OA
> autodiscover.hostingdomain1.co.za = autodiscover service
> autodiscover.hostingdomain2.co.za = autodiscover service
>
> Now this is where I get confused: do I need to add the following names as well?
>
> hostingdomain1.co.za
> hostingdomain2.co.za
> domain.com
> exchsrv.domain.com

Hello again :-)

I thought I did make it clear. I'll map them out with the information you have given me.

mail.hostingdomain1.co.za = OWA and URL for OA
mail.hostingdomain2.co.za = OWA and URL for OA

These are fine.

You can also add:

autodiscover.hostingdomain1.co.za = autodiscover service
autodiscover.hostingdomain2.co.za = autodiscover service

But please note, you don't have to do this; you can use the autodiscover redirect option which I linked to in my first post. This would create CNAME records for autodiscover.hostingdomainx.co.za (where x is the customer number) pointing to autodiscover.domain.com.

Also note that for SMTP you will have to create multiple Receive Connectors if you want to support SMTP over TLS or opportunistic TLS for each customer using the records mail.hostingdomain1.co.za and mail.hostingdomain2.co.za, as Receive Connectors bind a certificate from the Certificate Store that matches the FQDN that has been set for it.

If it is not too much of a problem, and if you are planning to add more than just these two customers, consider using a single unified namespace like I mentioned in my previous reply, as 100 Receive Connectors for 100 customers may get a little tedious to manage.

I do shared Exchange hosting for www.cobweb.com, and have for 7 years, including designing both Exchange 2003 and 2007 cloud infrastructures. I have always designed to support a single unified namespace, and if the customer wants more, for example bespoke URLs supporting their hosted Exchange seats, then this is extra and designed accordingly - for example I may introduce a combined CAS/HT into the infrastructure to support the URLs they have requested.

Oliver
Oliver Moazzezi | Exchange MVP, MCSA:M, MCTS:Exchange 2010, BA (Hons) Anim | http://www.exchange2007.com | http://www.exchange2010.com | http://www.cobweb.com
November 20th, 2009 5:31pm
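
Added example (not part of the original thread, and not code from any poster): a Python check of which client-facing names from this thread a candidate certificate covers, comparing the *.domain.com wildcard with the per-customer SAN list. It assumes the standard matching rule that a wildcard stands for exactly one leftmost label; the function and variable names are made up for this illustration.

```python
# Added example: which hostnames from the thread does a candidate SAN list cover?
# Hostnames come from the thread; function and variable names are illustrative.

def san_matches(san: str, host: str) -> bool:
    """Match one dNSName SAN entry against a hostname.

    A '*' is honoured only as the whole leftmost label and stands for
    exactly one label, so it never spans dots or matches the bare domain.
    """
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(san_labels) != len(host_labels):
        return False
    if san_labels[0] == "*":
        # Require at least "*.name.tld" and an exact match on everything after '*'.
        return len(san_labels) > 2 and san_labels[1:] == host_labels[1:]
    return san_labels == host_labels


def uncovered(san_list, hosts):
    """Return the hosts no SAN entry matches (clients would get a name mismatch)."""
    return [h for h in hosts if not any(san_matches(s, h) for s in san_list)]


# Names the hosted customers' clients connect to, as listed in the thread.
CLIENT_HOSTS = [
    "mail.hostingdomain1.co.za",
    "mail.hostingdomain2.co.za",
    "autodiscover.hostingdomain1.co.za",
    "autodiscover.hostingdomain2.co.za",
]

WILDCARD_CERT = ["*.domain.com"]        # the wildcard suggested in the thread
PER_CUSTOMER_CERT = list(CLIENT_HOSTS)  # one SAN entry per customer-facing name

if __name__ == "__main__":
    for label, sans in [("wildcard", WILDCARD_CERT),
                        ("per-customer SANs", PER_CUSTOMER_CERT)]:
        missing = uncovered(sans, CLIENT_HOSTS)
        status = "all names covered" if not missing else "NOT covered: " + ", ".join(missing)
        print(f"{label}: {status}")
```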

This topic is archived. No further replies will be accepted.
