Do you have an internal Windows CA? With new products all now making use of certs (E2K7, OCS, SCOM, et al) it makes sense IMO to implement your own CA internally for such certs, using purchased certs at the ISA level of course. This way, you can create and re-create your internal certs as often as you like which is cool if you miss off an important name. :)
The reason I say this is because there are other names to consider. What about autodiscover? Are you planning on that externally? The NetBIOS name can also be useful (optional). There's a good article on this subject here: http://msexchangeteam.com/archive/2007/07/02/445698.aspx -----Original Message----- From: Matt Bullock [mailto:[EMAIL PROTECTED] Sent: 24 January 2008 05:25 To: MS-Exchange Admin Issues Subject: NLB CAS SSL Certs I am trying to figure out the proper SSL cert to purchase. I have two CAS/HUB servers using NLB for redundancy and load balancing, and I wanted to make sure a single SAN cert will do the trick. Would the following names be all I need to include in the cert? Cas1.domain.com Cas2.domain.com Cas1.domain.local Cas2.domain.local Mail.domain.com (NLB address) After installing on the first server, I'll export and install on the second. Thanks, Matt ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~
