Exchange 2007 - What Type of SSL certificate required (single domain or UCC)

Hi Ssandoval,

 

 

To answer your questions, you have options where your SSL certs are concerned. The most common deployment we see is a SAN certificate, as it will give you the flexibility to add as many domain names as you need. You could go with a cert for a single domain name, but if problems arise, it might present difficulties in troubleshooting. If money were no object, then a wildcard cert (like *.yourdomain.com) would serve all your needs and then some, but those are pretty expensive.

 

 

As for which names to put in there, that will depend on the names under which you'll have the traffic decrypted. So if you have one domain for OWA, one for Outlook Anywhere, and one for ActiveSync, it might look something like .yourdomain.com, and could potentially have 3 different names. Again, if you have more than that, you'll want to add more to the cert.

 

 

To answer your last question about SSL Certs on HUB/CAS servers...this will depend on whether you're going to have those servers decrypt the incoming traffic. If you plan on assigning that task to the HUB/CAS, then yes, you'll want a cert there. If you're going to have it decrypted upstream, like on the F5 device, then you won't need it on the HUB/CAS.

 

 

I hope that information is helpful--please let me know if you have further questions.

 

 

Cheers,

 

Helen