Getting ready to buy a cert for my E2K7 CAS. The Hub and Mailbox roles are on a separate server. My server's internal FQDN is server1.contoso.com. My OWA URL is mail.widgets.com. I know my cert needs to have a subject name of mail.widgets.com and a Subject Alternative Name of autodiscover.widgets.com, but does it also need to have Subject Alternative Names for server1.contoso.com and server1 (NetBIOS)? I didn't know if the cert needed these for the server-to-server TLS communication. Thanks.
On Fri, 9 May 2008 16:18:57 -0400, "arm123" wrote: >Getting ready to buy a cert for my E2K7 CAS. The Hub and Mailbox roles are >on a separate server. My server's internal FQDN is server1.contoso.com. My >OWA URL is mail.widgets.com. I know my cert needs to have a subject name of >mail.widgets.com and a Subject Alternative Name of autodiscover.widgets.com, >but does it also need to have Subject Alternative Names for >server1.contoso.com and server1 (NetBIOS)? I didn't know if the cert needed >these for the server-to-server TLS communication. > No, not absolutely required. Will internal users connect to mail.widgets.com? If so, you are covered. >Thanks. >
On Fri, 09 May 2008 18:41:16 -0400, Andy David {MVP} wrote: >On Fri, 9 May 2008 16:18:57 -0400, "arm123" >wrote: > >>Getting ready to buy a cert for my E2K7 CAS. The Hub and Mailbox roles are >>on a separate server. My server's internal FQDN is server1.contoso.com. My >>OWA URL is mail.widgets.com. I know my cert needs to have a subject name of >>mail.widgets.com and a Subject Alternative Name of autodiscover.widgets.com, >>but does it also need to have Subject Alternative Names for >>server1.contoso.com and server1 (NetBIOS)? I didn't know if the cert needed >>these for the server-to-server TLS communication. >> > >No, not absolutely required. >Will internal users connect to mail.widgets.com? If so, you are >covered. Oh and be sure to set the internal autodiscovery stuff to the FQDN you have a certificate for. > > >>Thanks. >>
