1

I need an SSL certificate for Exchange 2007 and for SharePoint 2010. Can I use the same one for both?

My internal domain is xyz.int and my external is xyz.co.uk.
I cannot get an SSL certificate granted for xyz.int because externally it only exists for government organizations.
I am also unable to change my internal domain name.

I am getting a GoDaddy Standard Multiple Domain (UCC) SSL certificate for up to 10 Domains.

  • xyz01 - netbios name
  • xyz - domain name without .int
  • SharePointServerName
  • sharepoint.xyz.co.uk
  • autodiscover.xyz.co.uk
  • EmailServerName
  • mail.xyz.co.uk

What do you think?

I believe I have to set DNS up so mail.xyz.co.uk resolves internally. However, for now I just want to know two things.

Are these the correct items to request for my SSL certificate, and can I use the certificate for both my Exchange server and my SharePoint server?

Relentim
  • I'm voting to close this question as off-topic because the questioner used a FQDN as his Active-Directory domain name that he does not own. That is not recommended _at all_ – Daniel Apr 26 '16 at 09:32

3 Answers

2

Is there a reason you can't install certificate services internally? This will allow you to create a certificate yourself for xyz.int, and if your internal machines are all on the domain they'll already trust the certificate.

Then you can just get proper externally signed certificates for the external domains.

Whisk
  • So use self signed certificate internally and use a purchased certificate for external access. That sounds like a good solution. I've found a nice tutorial here http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/managing-exchange-certificates-part2.html – Relentim Jul 12 '10 at 14:32
  • Yep that's a good way to go about it if you don't want the hassle of installing certificate services - if you have a lot of client machines on your domain it's easier to do it with certificate services because they'll already trust it - see http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html – Whisk Jul 13 '10 at 10:38
0

Microsoft does not recommend NetBIOS names on the UCC cert, but it doesn't necessarily hurt. I can't speak specifically for SharePoint, but as best practice for Exchange you want the following:

  • Internal FQDN of all CAS Servers if in an NLB cluster
  • External FQDN of the array or single server
  • Internal FQDN of CAS array or single server
  • Autodiscover.domain.com

You might consider adding what would be the names of additional CAS servers you might use down the road, or the name of the NLB array if you're only using a single server now, so that you won't need to request a new cert from your CA provider.

amargeson
  • I can't use any internal FQDN because our internal domain is .int and we cannot own the external .int domain because it is for government organizations only. – Relentim Jul 09 '10 at 14:21
0

If you plan on using POP or IMAP, you may want to consider including smtp., pop., and/or imap. in order to allow them to have separate DNS names and still use SSL.

Charles
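The split discussed in this thread (public UCC certificate for names under xyz.co.uk, internal CA for everything else) can be planned before ordering. The following is an added example, not code from any poster here; the function names are hypothetical, the input is the name list from the question, and it assumes the only publicly owned domain is xyz.co.uk.

```python
"""Split a requested SAN list between a public UCC cert and an internal CA."""

UCC_LIMIT = 10  # the UCC product in the question covers up to 10 names

# Name list taken from the question (placeholders kept as written there).
REQUESTED = ["xyz01", "xyz", "SharePointServerName", "sharepoint.xyz.co.uk",
             "autodiscover.xyz.co.uk", "EmailServerName", "mail.xyz.co.uk"]
OWNED_DOMAINS = ["xyz.co.uk"]  # assumption: the only domain the asker controls


def normalize(name):
    """DNS names compare case-insensitively; drop whitespace and a root dot."""
    return name.strip().rstrip(".").lower()


def is_under(name, domain):
    """True if name is the domain itself or a subdomain of it."""
    return name == domain or name.endswith("." + domain)


def split_san_request(names, owned_domains):
    """Return (public, internal) SAN lists.

    public:   FQDNs under a domain the requester owns, which a public CA
              can validate.
    internal: single-label (NetBIOS/short) names and FQDNs under domains
              the requester does not own, e.g. anything under xyz.int.
              These go on a certificate from the internal CA.
    """
    owned = [normalize(d) for d in owned_domains]
    public, internal = [], []
    for raw in names:
        name = normalize(raw)
        if not name or name in public or name in internal:
            continue  # skip blanks and duplicates
        if "." in name and any(is_under(name, d) for d in owned):
            public.append(name)
        else:
            internal.append(name)
    if len(public) > UCC_LIMIT:
        raise ValueError(f"{len(public)} public names exceed the UCC limit")
    return public, internal


def uncovered(san_list, client_hostnames):
    """Hostnames clients will connect to that no SAN on the cert matches."""
    sans = {normalize(s) for s in san_list}
    return [h for h in client_hostnames if normalize(h) not in sans]


if __name__ == "__main__":
    pub, internal = split_san_request(REQUESTED, OWNED_DOMAINS)
    print("Public UCC SANs:  ", pub)
    print("Internal CA SANs: ", internal)
```

Running `uncovered()` against the hostnames configured in Outlook, Autodiscover and the SharePoint URLs shows which clients would get a name-mismatch warning on each certificate.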