Question 1: SAN certificate for multiple domains in Exchange 2007
I would like to host another email domain in my existing Exchange organization. My first question is: can I regenerate the CSR and send the request to the Entrust certification authority to get a SAN certificate which includes more than one domain?
For example, the SAN cert would be like this:
webmail.abc.com 
autodiscover.abc.com 
webmail.def.com 
autodiscover.def.com 
Answer 1:
From the description, I understand that you want to know how to configure ISA 2006 to publish OWA with multiple domain names. If there is any misunderstanding, please let me know.
First of all, you can use a SAN certificate. However, please confirm with Entrust (it is your certificate service provider, right?) how to get a SAN certificate.
Second, ISA 2006 supports SAN certificates that are associated with Web Listeners. However, if you want to use a SAN certificate on the published server (the Exchange Server, in your scenario), ISA 2006 SP1 is required.
The following things need to be modified for your existing OWA publishing rule:
1. You should import the SAN certificate into ISA Server and associate it with your SSL Web Listener, so the clients can establish an SSL connection to the ISA server by using multiple host names.
2. You should verify the "Site Name" field on the "To" tab of your publishing rule. Make sure it matches the subject of the server certificate associated with the Exchange OWA web site. If you use a SAN certificate on the Exchange Server, you can choose any SAN entry as the "Site Name".
Question 2
I have another question that came to mind about multiple domain hosting. Please see my previous example again.
My SAN certificate will include
webmail.abc.com 
webmail.def.com 
Let's say I have only one CAS server, say CAS01; I can define only one external URL for OWA, OAB and ActiveSync.
For example, I define webmail.abc.com.
So when a client accesses webmail.def.com from the internet, the ISA server will direct the traffic to CAS01. However, the external URL configured on CAS01 is webmail.abc.com.
Will there be any problem or conflict with this kind of configuration?
Answer 2:
The configuration you mentioned will not be a problem. It will be fine since our SAN certificate includes the host name which the clients will use to access the CAS server.
 
Question 3
I have another question that came to mind. Please let me use the same example.
I have only one CAS server and have configured its OWA external URL as
http://webmail.abc.com
But my SAN cert has two domain names, webmail.abc.com and webmail.def.com. So when an Outlook Anywhere client whose email address is user@def.com connects, they will be able to connect to the mailbox server successfully. However, what Exchange proxy and msstd settings will they be getting? Would it be https://webmail.abc.com, msstd:webmail.abc.com
or https://webmail.def.com, msstd:webmail.def.com?
Answer 3:
If we publish the Outlook Anywhere URL as https://webmail.abc.com, the users will connect to msstd:webmail.abc.com. The connection point is based on the URL input in the Outlook settings, instead of the user's e-mail address.
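
As an added example (not part of the original questions or answers), this is one way to request the SAN certificate from Question 1 and then check its coverage from the Exchange 2007 Management Shell on the CAS server. The host names come from the thread; the file paths, subject fields and key size are assumptions.

```powershell
# Added example, not from the original thread. Run in the Exchange Management Shell.
# Host names are the ones listed in Question 1; paths and subject fields are placeholders.
$names = 'webmail.abc.com','autodiscover.abc.com','webmail.def.com','autodiscover.def.com'

# 1. Generate a CSR whose SAN list carries every host name clients will use.
New-ExchangeCertificate -GenerateRequest -Path 'C:\certs\san-request.req' `
    -SubjectName 'c=US, o=Example Org, cn=webmail.abc.com' `
    -DomainName $names -KeySize 2048 -PrivateKeyExportable $true

# 2. After the CA returns the issued certificate, import it and enable it for IIS.
Import-ExchangeCertificate -Path 'C:\certs\san-issued.cer' |
    Enable-ExchangeCertificate -Services IIS

# 3. Read back the certificate enabled for IIS and collect the names it covers.
$cert = Get-ExchangeCertificate |
    Where-Object { $_.Services -match 'IIS' } |
    Select-Object -First 1
$covered = @($cert.CertificateDomains | ForEach-Object { $_.ToString().ToLower() })

# 4. Report any client-facing name that the certificate does not cover.
$missing = @($names | Where-Object { $covered -notcontains $_ })
if ($missing.Count -gt 0) {
    Write-Warning ("Not covered by the certificate: " + [string]::Join(', ', $missing))
} else {
    Write-Host "All $($names.Count) host names are covered; expires $($cert.NotAfter)"
}

# 5. Check that the published Outlook Anywhere host name is among the covered
#    names, and show the msstd principal name Autodiscover hands out (EXPR provider).
$oa = Get-OutlookAnywhere | Select-Object -First 1
if ($covered -notcontains $oa.ExternalHostname.ToString().ToLower()) {
    Write-Warning "Outlook Anywhere host $($oa.ExternalHostname) is not in the SAN list"
}
Get-OutlookProvider -Identity EXPR | Format-List Name, CertPrincipalName
```

The same certificate file also has to be imported on the ISA server and bound to the SSL Web Listener, as Answer 1 describes; that step is done in the ISA management console and is not covered by this script.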