setting up Exchange 2007 for a customer, have question regarding SSL license

[Young Grasshopper]

i set up a single server Exchange 07 box for a customer. purchased a cheapy $12 SSL license from Geotrust for webmail.xxxx.com. Works fine but now i want to add outlook anywhere, and i would need to create another ssl cert of autodiscover.xxx.com. will this work? my co-worker tells me i can only have 1 SSL cert per ip unless i purchase a SAN cert.


also, could i just use the existing webmail A record for outlook anywhere as well?


thanks
mark

 

[Red Squirrel]

Yes only 1 cert per IP, so you'll need to purchase another cert OR just do webmail.xxxx.com/autodiscover.

I think there are wildcard certs that may work though, rather then a cert that goes to webmail.xxxx.com it will go to *.xxxx.com so it works for any sub domain.

 

[Saga]

We did a wildcard cert that included:

webmail.domain.com
autodiscover.domain.com
servername.domain.com
servername

In that order. This was recommended from Microsoft for our environment (internal exchange server with no client access DMZ external-facing machine). Essentially autodiscover does most of the work for 2007 Exchange's usage of webmail and Outlook Anywhere (assuming you use OA).

PM if you have problems, I've setup probably a dozen different 2007 Exchange environments now so I'm running out of one-offs to have to try to fix..

 

[Czar]

Been using wildcard certs fora long time here.

And been using multiple ssl sites per ip, its a PAIN in Win2003r2.

Nothing wrong with wildcards, though you might end up needing to ditch them in certain situations. We use nokia phones to connect to the outlook webaccess and those dont work with wildcards.

So test, you can often get 30 day trial certs to try out.

 

[Thor86]

Or just use autodiscover.yourdomain.com for OWA/Webmail, be done with this SAN certificate garbage.