For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Max_West_64748's avatar
Max_West_64748
Icon for Nimbostratus rankNimbostratus
Aug 06, 2010

Exchange 2007 Certificate Generation.

Hi All,     This is probably a very simple question, but after readying through the Exchange 2007 Deployment guide i can't seem to find a section that covers it off for myself, they glance over ...
microsoft
partner
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Aug 06, 2010
Hi Adam,

 

 

I don't think you can get a CA signed cert for internal domains like .local. Or have I misread what you were stating?

 

 

If you have multiple subdomains on the same domain, you could either get a UCC cert which is valid for each explicit subdomain, or get a wildcard cert that's valid for all subdomains like *.domain.com.au.

 

 

If you want LTM to do SSL offloading for you, you'd want to request the cert in PEM format. Or in 10.2 you can upload a PKCS cert as well. Or lastly, you could take any format and convert it using openssl on LTM.

 

 

Also, these days, most major CA certs are recognized by most devices assuming you configure the correct intermediate CA cert. Verisign seems to charge an arm and a leg just because they can. Most CA's will give you a demo cert that you can use to test chaining for specific clients.

 

 

Aaron