I have always done it with two separate SAN certificates. The reason for not using a single name SSL certificate is that if you are deploying Outlook 2007 with Outlook Anywhere, then you will also need to deal with Autodiscover.example.com . There is also the concern about the internal Exchange 2007 server name being in a public facing SSL certificate. While I personally don't find it an issue (if someone can use that information then you have much bigger problems to worry about) the clients and their security people are.
If you are only publishing OWA only, then a single name SSL should be fine. Simon. -- Simon Butler MVP: Exchange, MCSE Sembee Ltd. e: si...@sembee.co.uk w: http://www.sembee.co.uk/ w: http://www.amset.info/ w: http://blog.sembee.co.uk/ Need cheap certificates for Exchange, compatible with Windows Mobile 5.0? http://CertificatesForExchange.com/<http://certificatesforexchange.com/> for certificates from just $23.99. Need a domain for your certificate? http://DomainsForExchange.net/<http://domainsforexchange.net/> Exchange Resources: http://exbpa.com/ From: Joe Pochedley [mailto:joe.poched...@fivesgroup.com] Sent: 27 May 2010 19:52 To: MS-Exchange Admin Issues Subject: GoDaddy SSL Cert for Exch 2007 Funny, two GoDaddy SSL cert questions in the same day... I need to pick up a new cert for my Exchange 2007 box. However, in front of Exch I'm also running TMG (previously ISA Server) to handle the FBA for OWA clients and pass Activesync through to our single Exchange server... The question I have is this: Do I pick up a single SAN cert and apply that to both the Exchange box and the TMG box (export the private key after completing the request and copy the whole thing to TMG)... Or, do I pick up a SAN cert for the Exch box and a separate standard cert (with the external name only) for the TMG box? I just want to make sure I'm picking up the right certs with the TMG in the mix. Thanks. Joe P
