Microsoft Exchange and Blackberry Server Specialists

Exchange Server

Exchange 2010

New Exchange Certificate Request - Exchange Configuration Detail

During the wizard for a new SSL request on Exchange 2010, the wizard asks for a lot of URLs. This page explains what each one is used for and provides some examples.

Sharing - this can usually be left unselected.

Client Access Server (Outlook Web App)

This is the name used by users to access OWA, both internally and externally. For a simple implementation, use the same name internally and externally, and setup a split DNS system.

Client Access Server (Exchange ActiveSync)

After enabling this option, the host name that you use can be entered. In most cases this will be the same name as for OWA, to limit the number of host names required.

Example: mail.example.com
For SBS 2011: remote.example.com

Client Access server (Web Services, Outlook Anywhere and Autodiscover)

If you are using Outlook Anywhere, then these options should all be enabled. As with Exchange ActiveSync, the host name that is used is often the same as OWA, to reduce the number of hosts being maintained.

Example: mail.example.com

For Autodiscover, the most common method is to use autodiscover.example.com (where example.com is the name after the @ sign in the email addresses). If you have additional names in the Accepted Domain list then the wizard will populate these automatically.

For a large number of domains, many will use SRV records - but this requires the domain host to support them.

Example: autodiscover.example.com

 

Client Access Server (POP/IMAP)

As with before, the same name is often used. Internally you can use either the server name or the external name. However if you have clients who roam, then you should use the external name everywhere and then use split DNS to ensure that it works internally as well.

For most implementations those, remote access to email is best provided by Outlook Anywhere.

Example: mail.example.com

Unified Messaging server

DO NOT ENABLE THIS OPTION.
You will need to continue to use a self signed SSL certificate for UM, because you cannot get the internal server name on the certificate from a commercial provider.

Example: server.domain.local

Hub Transport Server

This is SMTP traffic.
This setting can be ignored.

Legacy Exchange Server

This is for supporting Exchange 2003 and older.
Exchange 2010 is unable to proxy the request, it simply redirects. Therefore a legacy host name is set. By putting it on this certificate request means that you have one less certificate to worry about. After the installation of the certificate response, export the certificate to a PFX file and import it in to the Exchange 2003 server.

Example: legacy.example.com

Back to SSL Certificate Request