Max_West_64748
Aug 10, 2010
Nimbostratus
Thanks for the reply Aaron.
A bit of background might help out as well. Feel free to tell me if I'm going about this the wrong way completely!
Our internal domain is "domain1.com.au" which unfortunately we don't own (someone else does, something legacy that's been inherited). I believe this means we have to get a Domain Authorisation Letter to have anything "domain1.com.au" on the cert, which I don't think will happen.
Instead I am using split DNS (which I've set up specifically for this purpose) to resolve our external domain (domain2.com.au) internally for the addresses we'll need for Exchange, e.g. owa.domain2.com.au, autodiscover.domain2.com.au and mail.domain2.com.au.
Does that sound reasonable?
I'd then go and generate the cert request from one of my CA Servers with something along the lines of this:
New-ExchangeCertificate -GenerateRequest -Path c:\filepath.csr -DomainName cas1, cas2, mail.domain2.com.au, autodiscover.domain2.com.au, owa.domain2.com.au -FriendlyName "Exchange Hosting SAN Certificate" -KeySize 1024 -PrivateKeyExportable:$true -SubjectName 'c=au, o="company", CN=domain2.com.au'
I've included both CA Servers. Is that correct?
I'd then submit the CSR to Verisign (I know they're overpriced, company policy preferred CA).
When I get the cert back, I import it into our BIG-IP as per the deployment guide, and go about configuring Exchange to work without doing the SSL component?
I realise this has been long, thanks again for your help.
Cheers,
Adam