Simom, I have not been able to find clear documentation on this and your post is exactly what I was looking for.
THANK YOU!!!!! Matt On Mon, Feb 1, 2010 at 2:05 PM, Simon Butler <si...@sembee.co.uk> wrote: > With SBS 2008, there are two ways to do the SSL certificate installation > – through the wizard, or the regular Exchange 2007 EMS method. > > The wizard method presumes that you are using SRV record method for > Autodiscover, so that the certificate is remote.example.com – a single > name SSL certificate. However most external DNS providers do not support SRV > records. (If you choose to use the DNS providers Microsoft has in their > list, then they do – go figure). > > Therefore you need to use the regular method then you can. However you need > to ensure that the external name that you chose in the wizard for the SBS > Server – usually remote.example.com – is the common name on the SSL > certificate. > > > > Thus you would have > > > > Remote.example.com <http://remote.example.com/> > > Autodiscover.example.com <http://autodiscover.example.com/> > > Server.example.local (server internal FQDN) > > Server (server NETBIOS name) > > > > What I usually do then is change the MX records for SMTP delivery direct to > remote.example.com which then means the SSL certificate also provides TLS > where the remote sending server supports it. > > > > Finally, after installing the certificate manually, you will have to run > the fix my network wizard, because SBS changes the bindings of the SSL site > and some of the sites refuse to work after Exchange has done its thing with > the certificates. > > > > There are articles on the SSL certificate configuration for SBS 2008 on the > SBS Team blog at Microsoft. > > > > In short – it does work, but you have to be careful and use the wizards to > “fix” things afterwards. > > The SBS Best practises tool for SBS 2008 will also flag if the certificate > has screwed up the SSL bindings, so you could run that after getting the > certificate installed and then follow the links to correct it. > > > > Simon. > > > > > > > > -- > Simon Butler > MVP: Exchange, MCSE > Sembee Ltd. > > e: si...@sembee.co.uk > w: http://www.sembee.co.uk/ > w: http://www.amset.info/ > > w: http://blog.sembee.co.uk/ > > Need cheap certificates for Exchange, compatible with Windows Mobile 5.0? > http://CertificatesForExchange.com/ <http://certificatesforexchange.com/>for > certificates from just $23.99. > Need a domain for your certificate? > http://DomainsForExchange.net/<http://domainsforexchange.net/> > > > > Exchange Resources: http://exbpa.com/ > > > > > > > > *From:* Matt Plahtinsky [mailto:cbusitl...@gmail.com] > *Sent:* 01 February 2010 15:24 > *To:* NT System Admin Issues > *Subject:* SBS 2008 Multi Domin Certificate Install > > > > Ok I need some advise here. (SBS 2008) > > > > This is my first SBS install in about 8 or 9 years. I need some advise on > on what's the best way to install a certificate. Normally when I need to > install a certificate with Exchange 2007 I do it the manual way through > powershell. However with a SBS system there quite a few websites being > hosted on the same IIS Server. There is an SSL Install wizard but from the > looks of it it only works with one domain (or does it)? I need to install a > multi domain cert for Exchange 2007. Can I do this from the wizard or do I > need to do this manually. If I do it manually will it screw up the other > built in IIS sites. > > > > Sorry just trying to wrap my brain around how I'm going to do this and my > google-fu is weak this morning..... > > > > Thanks > > > > Matt > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~