[isalist] Re: ISA 2006 SP1 and Exchange 2007 SP1
- From: Jerry Young <jerrygyoungii@xxxxxxxxx>
- To: isalist@xxxxxxxxxxxxx
- Date: Wed, 28 Jan 2009 10:31:46 -0500
Entrust has a good offer for that. Not that spendy, either.
Verisign is another vendor that provides SAN certificates but they cost big
$$$$$. I've never understood why aside from name recognition.
If you go Entrust you will want to make sure that the name of the registrant
for the domain(s) you're using in the SAN certificate matches exactly the
name of the company that "owns" the domain. Otherwise, Entrust won't issue
the certificate.
My current client used "Company Name A, Ltd." for the name of the registrant
of the domain they owned but their legal entity name was "Company Name,
Ltd." and because of that discrepency Entrust wouldn't issue them a
certificate until the name of the registrant was updated to match.
On Tue, Jan 27, 2009 at 8:53 PM, Andy Haigh <ahaigh@xxxxxxxxxxxxxxxx> wrote:
> Can you recommend an SSL vendor that provides SAN Certs that will work.
>
>
>
> Some I have looked at say Single Server, would that cause a problem with
> the cert needing to be on both the Exchange and ISA server?
>
>
>
> *From:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> *On Behalf Of *Steve Moffat
> *Sent:* Wednesday, 28 January 2009 11:38 AM
>
> *To:* ISA Mailing List
> *Subject:* [isalist] Re: ISA 2006 SP1 and Exchange 2007 SP1
>
>
>
> You need a SAN cert.
>
>
>
> *From:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> *On Behalf Of *Andy Haigh
> *Sent:* Tuesday, January 27, 2009 8:28 PM
> *To:* ISA Mailing List
> *Subject:* [isalist] Re: ISA 2006 SP1 and Exchange 2007 SP1
>
>
>
> OK, after reading the documents I have a question regarding using a
> commercial SSL certificate.
>
>
>
> With the command (using Tom's example) used to request the certificate:
>
> *New-ExchangeCertificate -GenerateRequest -SubjectName "DC=msfirewall.org,
> DC=com, O=msfirewall, CN=owa.msfirewall.org" -DomainName
> owa.msfirewall.org, smtp.msfirewall.org, autodiscover.msfirewall.org,
> msfirewall.org, exch2007mb.msfirewall.org, exch2007mb -FriendlyName
> "Microsoft Exchange 2007" -Path c:\mailcert.req*
>
> I assume I will be required to purchase a wildcard certificate for this to
> work or can I just purchase a single certificate such as owa.domain.com?
>
>
>
> If they bought a single cert would this still allow them to use owa, RPC
> over HTTPS and activesync? Would it break things like internal autodiscover
> in Outlook 2007?
>
>
>
> Thanks
>
>
>
> Andy
>
>
>
> *From:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> *On Behalf Of *Jim Harrison
> *Sent:* Tuesday, 27 January 2009 4:56 PM
> *To:* isalist@xxxxxxxxxxxxx
> *Subject:* [isalist] Re: ISA 2006 SP1 and Exchange 2007 SP1
>
>
>
> There are no process changes to ISA that are specific to Exchange SP1
> publishing.
>
> .
>
>
>
>
>
>
>
>
>
>
>
> *From:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> *On Behalf Of *Andy Haigh
> *Sent:* Monday, January 26, 2009 4:46 PM
> *To:* isalist@xxxxxxxxxxxxx
> *Subject:* [isalist] ISA 2006 SP1 and Exchange 2007 SP1
>
>
>
> Hi,
>
> I am just researching configuring publishing Exchange 2007 SP1 services via
> ISA2006 SP1 and have started reading Tom's articles which I believe are
> based on the pre SP1 versions of both Exchange and ISA Server. Are there any
> differences to the way you would proceed with the setup using SP1 versions
> and if so are there any updated documents covering a SP1 product install.
>
>
>
> Thanks
>
>
>
> Andy
>
--
Cordially yours,
Jerry G. Young II
Microsoft Certified Systems Engineer
Other related posts:
