SAN/UC certs are really the only way to go and is recommended by Microsoft for Exchange. Often the price increases with the number of domains/server names you add into the cert.
Are internal certs an option? We use an internal MS PKI and issue SAN certs to our servers that can have any and all names we will ever need. This does present a challenge with devices you do not control from accessing OWA and Outlook Anywhere as they typically don't have your internal root certs loaded on them, you have to put them there. On Wed, May 7, 2014 at 1:20 PM, Rami SIK <[email protected]> wrote: > We use UC type certificates, which allows both internal and external FQDNs > to be specified in one cert. > > Regards, > > > > Rami SIK > > Please consider the environment before printing this email > > > > -----Original Message----- > From: [email protected] [mailto: > [email protected]] On Behalf Of Craig Wardlaw > Sent: Wednesday, May 07, 2014 10:11 AM > To: [email protected] > Subject: [Exchange] new Exchange server > > I am currently setting up a single exchange server to replace hosted email > and after doing some reading it looks like getting the appropriate cert for > it may cause more issues. I have the internal domain xxx.local and the > external domain xxx.ca. > > From Google I see that I will no longer be able to get the internal and > external domains on the cert and there are a couple of ways to mitigate the > problem, I'm not a fan of migrating the domain considering I'm pretty much > the only IT person. > > Just wondering how some of the list people are or have dealt with this > > > Thanks Craig > > > > > ________________________________ > > If this message is not meant for you, do not use it - please let us know, > and then delete it. We try hard to keep our messages and attachments free > of viruses and other malicious programs, but are not liable if our > precautions don't prevent their spread. > > >
