Simom,
I have not been able to find clear documentation on this and your post is
exactly what I was looking for.

THANK YOU!!!!!

Matt




On Mon, Feb 1, 2010 at 2:05 PM, Simon Butler <si...@sembee.co.uk> wrote:

>  With SBS 2008, there are two ways to do the SSL certificate installation
> – through the wizard, or the regular Exchange 2007 EMS method.
>
> The wizard method presumes that you are using SRV record method for
> Autodiscover, so that the certificate is remote.example.com – a single
> name SSL certificate. However most external DNS providers do not support SRV
> records. (If you choose to use the DNS providers Microsoft has in their
> list, then they do – go figure).
>
> Therefore you need to use the regular method then you can. However you need
> to ensure that the external name that you chose in the wizard for the SBS
> Server – usually remote.example.com – is the common name on the SSL
> certificate.
>
>
>
> Thus you would have
>
>
>
> Remote.example.com <http://remote.example.com/>
>
> Autodiscover.example.com <http://autodiscover.example.com/>
>
> Server.example.local (server internal FQDN)
>
> Server (server NETBIOS name)
>
>
>
> What I usually do then is change the MX records for SMTP delivery direct to
> remote.example.com which then means the SSL certificate also provides TLS
> where the remote sending server supports it.
>
>
>
> Finally, after installing the certificate manually, you will have to run
> the fix my network wizard, because SBS changes the bindings of the SSL site
> and some of the sites refuse to work after Exchange has done its thing with
> the certificates.
>
>
>
> There are articles on the SSL certificate configuration for SBS 2008 on the
> SBS Team blog at Microsoft.
>
>
>
> In short – it does work, but you have to be careful and use the wizards to
> “fix” things afterwards.
>
> The SBS Best practises tool for SBS 2008 will also flag if the certificate
> has screwed up the SSL bindings, so you could run that after getting the
> certificate installed and then follow the links to correct it.
>
>
>
> Simon.
>
>
>
>
>
>
>
> --
> Simon Butler
> MVP: Exchange, MCSE
> Sembee Ltd.
>
> e: si...@sembee.co.uk
> w: http://www.sembee.co.uk/
> w: http://www.amset.info/
>
> w: http://blog.sembee.co.uk/
>
> Need cheap certificates for Exchange, compatible with Windows Mobile 5.0?
> http://CertificatesForExchange.com/ <http://certificatesforexchange.com/>for 
> certificates from just $23.99.
> Need a domain for your certificate? 
> http://DomainsForExchange.net/<http://domainsforexchange.net/>
>
>
>
> Exchange Resources: http://exbpa.com/
>
>
>
>
>
>
>
> *From:* Matt Plahtinsky [mailto:cbusitl...@gmail.com]
> *Sent:* 01 February 2010 15:24
> *To:* NT System Admin Issues
> *Subject:* SBS 2008 Multi Domin Certificate Install
>
>
>
> Ok I need some advise here.  (SBS 2008)
>
>
>
> This is my first SBS install in about 8 or 9 years.  I need some advise on
> on what's the best way to install a certificate.  Normally when I need to
> install a certificate with Exchange 2007 I do it the manual way through
> powershell.  However with a SBS system there quite a few websites being
> hosted on the same IIS Server.  There is an SSL Install wizard but from the
> looks of it it only works with one domain (or does it)?  I need to install a
> multi domain cert for Exchange 2007.  Can I do this from the wizard or do I
> need to do this manually.  If I do it manually will it screw up the other
> built in IIS sites.
>
>
>
> Sorry just trying to wrap my brain around how I'm going to do this and my
> google-fu is weak this morning.....
>
>
>
> Thanks
>
>
>
> Matt
>
>
>
>
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Reply via email to