Multiple autodiscover domains
DevilWAH
Hi,
Hoping someone can help.
If I have two domains set up in Exchange
Company.com
office.com
that I want to set up autodiscovery and EWS on, can I simply install two separate certs on the server, one for each domain?
People are saying you have to have one cert with both domains as separate SANs, but this is not possible with how our domains are registered and how we have to apply for certs. Am I correct that you simply install the public certs onto the server and then they are used as needed?
Thanks
Comments
rsutton
You need one certificate with multiple SANs. Two certs won't work.
DevilWAH
Why does it have to be one? For anything else you can use a different cert for each domain/listener. What's the reason it has to be a single cert, and how does this work if you can't get a single cert to cover it?
For example, if I was hosting multiple Exchange domains for clients, it would not be possible, or at least easy, to get a single cert with all the domains listed.
rsutton
Multi-tenant environments use autodiscover redirect (CNAME record) so the SSL cert need only have a CN and SANs for the hosting company's domain.
DevilWAH
Ahh..
So basically the full story is we are using Lync, and the SIP domain is different to our company domain. But from what you are saying we should redirect the sip admin autodiscover in DNS using a CNAME record to point to our internal autodiscover domain record that already has all the certs set up.
So it's just a case of a CNAME record that says
autodiscover.sip.com points to autodiscover.company.com? And clients should be happy.
Claymoore
That will handle the DNS portion, but the client will still expect a server response with the Autodiscover.sip.com name in the certificate. That's why you need multiple names in the cert, and one of the reasons SAN (Subject Alternate Name) certs are now commonly referred to as UCC (Unified Communications and Collaborations) certificates. I always have to install a UCC cert on an Exchange server to handle the names for all the services and domains. I have a client where we have to support over 100 domain/service names.
If you have a certificate mismatch, the service will fail. When you browse a website and the certificate does not match, you get a warning but can still choose to continue. When Outlook, Lync, or an Autodiscover service request encounters a certificate error, they just fail.
DevilWAH
Changing the server record to point to the main domain autodiscover address has sorted the issue, I think. Clients are now connecting to EWS and using autodiscover without issues even though there is no cert installed for autodiscover.sipdomin.com
I assume because clients look at the server record and this replies with the company.domain address, which when they use has the correct cert.
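The two outcomes discussed in this thread (a CNAME alone still leaves the client expecting the SIP-domain name in the certificate, while the record change in the last post worked), shown as a simplified model. This is an added example, not part of any post and not Outlook's or Lync's actual lookup logic; it assumes the "server record" is a DNS SRV record named `_autodiscover._tcp.<domain>`, and the zone contents and SAN list are constructed.

```python
# Added example: simplified model of which host name an Autodiscover client
# validates against the server certificate. Zones and SANs are constructed.

def san_matches(hostname, san):
    """Match one dNSName SAN: case-insensitive, label by label.
    A wildcard is honoured only as the entire left-most label."""
    host = hostname.rstrip(".").lower().split(".")
    pat = san.rstrip(".").lower().split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*" and len(pat) > 2:
        return host[1:] == pat[1:]
    return host == pat

def name_to_validate(domain, dns):
    """Return the host name the TLS client checks against the certificate.

    dns maps record name -> (type, target). A CNAME (or A) record for
    autodiscover.<domain> only decides which server is reached; the client
    still validates the name it asked for. An SRV answer hands the client a
    different host name, and that target is what it connects to and validates.
    """
    direct = "autodiscover." + domain
    if dns.get(direct, (None, None))[0] in ("A", "CNAME"):
        return direct
    srv = dns.get("_autodiscover._tcp." + domain)
    return srv[1] if srv else None

def connection_ok(domain, dns, cert_sans):
    """True when the validated name is covered by at least one SAN."""
    name = name_to_validate(domain, dns)
    return name is not None and any(san_matches(name, s) for s in cert_sans)

# Constructed sample data: a cert that only carries company.com names.
CERT_SANS = ["mail.company.com", "autodiscover.company.com"]
CNAME_ZONE = {"autodiscover.sip.com": ("CNAME", "autodiscover.company.com")}
SRV_ZONE = {"_autodiscover._tcp.sip.com": ("SRV", "autodiscover.company.com")}

if __name__ == "__main__":
    for label, zone in (("CNAME", CNAME_ZONE), ("SRV", SRV_ZONE)):
        print(label, name_to_validate("sip.com", zone),
              "OK" if connection_ok("sip.com", zone, CERT_SANS) else "MISMATCH")
```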