jpotts_106582
Feb 22, 2008

Exchange 2007 OWA/ActiveSync SSL Offload

We are looking at using our LSM to offload SSL for our Exchange environment. Currently we have a single cert that points to the Exchange CAS server for OWA, ActiveSync and Outlook Anywhere. Looking at the configuration guide for Exchange 2007 there are different persistence profiles for these different services.

My question is, is there a way for the BigIP to get all of these services to work using a single external cert to offload SSL and then connect to a single CAS server?

Thanks,

Jamie
  • Hello,

    Let me see if I can provide some more clarification on what we are asking. Our current deployment of the exc 2007 CAS services are all tied to a single SSL cert, and thus a single FQDN. When setting up ssl offloading on our big ip's for OWA, OutlookAnywhere, and ActiveSync we found that each of these services requires individual customizations (cookies, persistence profiles, etc.), requiring three separate virtual servers be configured. From the looks of it we can't perform ssl offloading without modifying FQDNs and purchasing additional certificates or a cert capable of subject alternative names.

    Is there a way to run all three of these externally accessed sites off of one configured virtual server on the big ip's, allowing us to avoid the extra cost of new certificates?

    Thanks in advance for any help provided.

    Chris
  • Ryan_Korock_46
    Historic F5 Account
    Jamie, Chris,

    Have you looked into using UCC certs? They allow for multiple hostnames to be used for this exact reason.

    Plus, the BIG-IP supports the use of them for termination purposes.

    Let me know if you need more details. r.korock@f5.com

    Ryan

  • Hi!

    I would like to buy and use UCC certs with my LTM (exchange environment). What do I need to do?

    Steve
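  • Even with the Subject Alternative names you need a different persistence profile for RPC versus https:

        when HTTP_REQUEST {
            # RPC-over-HTTP requests carry a User-Agent containing "MSRPC"
            if { [HTTP::header "User-Agent"] contains "MSRPC" } {
                # Persist on the Authorization header value for 3600 seconds
                persist uie [HTTP::header "Authorization"] 3600
            } else {
                # Everything else uses cookie persistence
                persist cookie
            }
        }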
  • Ryan_Korock_46
    Historic F5 Account
    Nick, every CA is going to be different, but most of the time you can just generate the CSR from the BIG-IP with a single primary name. When you go to submit the CSR to your CA, request a SAN Cert, and they will prompt you to add any additional names at that point.
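
An added example, not part of any post above and not F5 or CA tooling: once the CA returns the SAN certificate described in the last reply, this checks that it covers every hostname clients will use before it is loaded for SSL termination. The hostnames and the self-signed sample certificate are constructed, and the script assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example: confirm a SAN/UCC certificate covers every hostname the
# virtual server will answer for. All hostnames below are constructed.

# Print each hostname NOT covered by the certificate; return 1 if any is missing.
# usage: missing_sans CERT.pem host [host ...]
missing_sans() {
    cert=$1; shift
    rc=0
    for host in "$@"; do
        # -checkhost applies normal hostname matching against the certificate
        if ! openssl x509 -in "$cert" -noout -checkhost "$host" \
                | grep -q "does match certificate"; then
            echo "$host"
            rc=1
        fi
    done
    return $rc
}

# Constructed stand-in for the CA-issued certificate: self-signed, two SAN
# entries. In practice, run missing_sans on the certificate the CA returned.
make_sample_cert() {
    dir=$1
    cat > "$dir/san.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = mail.example.com
[ext]
subjectAltName = DNS:mail.example.com, DNS:autodiscover.example.com
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$dir/san.cnf" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null
}

tmp=$(mktemp -d)
make_sample_cert "$tmp"
# sync.example.com was never requested, so it is reported as missing
missing_sans "$tmp/cert.pem" mail.example.com autodiscover.example.com \
    sync.example.com || echo "certificate does not cover the names above"
rm -rf "$tmp"
```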