With SBS 2008, there are two ways to do the SSL certificate installation - through the wizard, or the regular Exchange 2007 EMS method. The wizard method presumes that you are using SRV record method for Autodiscover, so that the certificate is remote.example.com - a single name SSL certificate. However most external DNS providers do not support SRV records. (If you choose to use the DNS providers Microsoft has in their list, then they do - go figure). Therefore you need to use the regular method then you can. However you need to ensure that the external name that you chose in the wizard for the SBS Server - usually remote.example.com - is the common name on the SSL certificate.
Thus you would have Remote.example.com Autodiscover.example.com Server.example.local (server internal FQDN) Server (server NETBIOS name) What I usually do then is change the MX records for SMTP delivery direct to remote.example.com which then means the SSL certificate also provides TLS where the remote sending server supports it. Finally, after installing the certificate manually, you will have to run the fix my network wizard, because SBS changes the bindings of the SSL site and some of the sites refuse to work after Exchange has done its thing with the certificates. There are articles on the SSL certificate configuration for SBS 2008 on the SBS Team blog at Microsoft. In short - it does work, but you have to be careful and use the wizards to "fix" things afterwards. The SBS Best practises tool for SBS 2008 will also flag if the certificate has screwed up the SSL bindings, so you could run that after getting the certificate installed and then follow the links to correct it. Simon. -- Simon Butler MVP: Exchange, MCSE Sembee Ltd. e: [email protected] w: http://www.sembee.co.uk/ w: http://www.amset.info/ w: http://blog.sembee.co.uk/ Need cheap certificates for Exchange, compatible with Windows Mobile 5.0? http://CertificatesForExchange.com/<http://certificatesforexchange.com/> for certificates from just $23.99. Need a domain for your certificate? http://DomainsForExchange.net/<http://domainsforexchange.net/> Exchange Resources: http://exbpa.com/ From: Matt Plahtinsky [mailto:[email protected]] Sent: 01 February 2010 15:24 To: NT System Admin Issues Subject: SBS 2008 Multi Domin Certificate Install Ok I need some advise here. (SBS 2008) This is my first SBS install in about 8 or 9 years. I need some advise on on what's the best way to install a certificate. Normally when I need to install a certificate with Exchange 2007 I do it the manual way through powershell. However with a SBS system there quite a few websites being hosted on the same IIS Server. There is an SSL Install wizard but from the looks of it it only works with one domain (or does it)? I need to install a multi domain cert for Exchange 2007. Can I do this from the wizard or do I need to do this manually. If I do it manually will it screw up the other built in IIS sites. Sorry just trying to wrap my brain around how I'm going to do this and my google-fu is weak this morning..... Thanks Matt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
