Choosing SAN Names for your Unified Communications Certificate

Exchange 2007 SAN Name Help

What Subject Alternate Names do I need on my Exchange 2007 Certificate?

The simplest answer is that you need to include any name used to access the Exchange 2007 server.

If you access the server both internally and externally, but the internal and external names are the same, that simplifies things even more (you don't need to repeat duplicate names). If you use different names for internal and external access (e.g., owa.domain.com and owa.domain.local) you will need to include both internal and external names in your certificate.

While we can't tell you exactly what to put in your certificate, we can give you some points to work with:

1. You need to include the fully-qualified domain name and netbios name of your Exchange server(s) (e.g, owa.domain.com and owa.local).
2. If you will be using the autodiscover service, you will need to include an entry for autodiscover (the autodiscover service will automatically use autodiscover.domain.com).

3. If you use the same URL for OWA, Activesync, Outlook Anywhere, or any other service you might be using on the Exchange 2007 server, and do not have any CAS servers involved, you should pretty much be covered.

   If you do use different URLs, make sure to include those as well.

   If you are using any CAS servers, make sure to include the netbios and internal fully-qualified domain name of every CAS server involved.

Now that you know what names you'll need to use in your certificate, feel free to use our Exchange 2007 CSR Wizard for help creating your CSR.

When deciding what names to put on your UC certificate, the most important thing to know is that if you do happen to mess up, fixing the problem is simple - you can reissue the certificate at any time and modify your names at no cost, and adding names past the base four (that come with the certificate) only costs what you would have paid had you added them upfront.

That being said, hopefully this has been straightforward enough that you don't run into any problems.

Related:

• Exchange 2007 CSR Creation Tool
• Exchange 2007 SSL

• • SSL Support Main
  • How to add a SAN in a UC certificate
  • Exchange 2007 CSR Creation
  • Exchange 2007 SSL Certificates
• • Product Overview
  • SSL Plus
  • SSL Plus Comparison
  • Wildcard Plus
  • Wildcard Plus Comparison