Which subdomains does an Exchange 2013 SSL certificate require?


I need to request an SSL certificate for an Exchange 2013 server.

I am going to order a UC Certificate from Comodo Group Inc.

I understand that I need to specify the subdomains below when placing the order:

  1. autodiscover.
  2. mail.

Are there other subdomains that I need to specify for an Exchange 2013 server? I ask because a UC Certificate allows 3 subdomains, which makes me think I am missing one.

by SMW 29.04.2015 / 21:21

3 answers


Yes, normally mail and autodiscover will be all you need if mail.yourdomain.com is your Exchange FQDN.

See the Exchange 2013 Digital Certificates and SSL documentation, which states:

Best practice: Use the Exchange certificate wizard to request certificates

There are many services in Exchange that use certificates. A common error when requesting certificates is to make the request without including the correct set of service names. The certificate wizard in the Exchange Administration Center will help you include the correct list of names in the certificate request. The wizard lets you specify which services the certificate has to work with and, based on the services selected, includes the names that you must have in the certificate so that it can be used with those services. Run the certificate wizard when you've deployed your initial set of Exchange 2013 servers and determined which host names to use for the different services for your deployment. Ideally you'll only have to run the certificate wizard one time for each Active Directory site where you deploy Exchange.

Instead of worrying about forgetting a host name in the SAN list of the certificate that you purchase, you can use a certification authority that offers, at no charge, a grace period during which you can return a certificate and request the same new certificate with a few additional host names.

It further states:

Best practice: Use as few host names as possible

In addition to using as few certificates as possible, you should also use as few host names as possible. This practice can save money. Many certificate providers charge a fee based on the number of host names you add to your certificate.

The most important step you can take to reduce the number of host names that you must have and, therefore, the complexity of your certificate management, is not to include individual server host names in your certificate's subject alternative names.

The host names you must include in your Exchange certificates are the host names used by client applications to connect to Exchange. The following is a list of typical host names that would be required for a company named Contoso:

Mail.contoso.com This host name covers most connections to Exchange, including Microsoft Outlook, Outlook Web App, Outlook Anywhere, the Offline Address Book, Exchange Web Services, POP3, IMAP4, SMTP, Exchange Control Panel, and ActiveSync.

Autodiscover.contoso.com This host name is used by clients that support Autodiscover, including Microsoft Office Outlook 2007 and later versions, Exchange ActiveSync, and Exchange Web Services clients.

Legacy.contoso.com This host name is required in a coexistence scenario with Exchange 2007 and Exchange 2013. If you'll have clients with mailboxes on Exchange 2007 and Exchange 2013, configuring a legacy host name prevents your users from having to learn a second URL during the upgrade process.

by 29.04.2015 / 21:42

A word of advice. Certificate authorities are phasing out UC certificates for .local, so ideally you should migrate to your domain.com. Multi-domain SSL certificates are usually cheaper than a UC Certificate and will soon serve the same purpose. The defaults for SBS are mail.contoso.com, remote.contoso.com and autodiscover.contoso.com.

For a normal Exchange environment, mail.contoso.com and autodiscover.contoso.com are what is needed. Don't forget to add autodiscover.contoso.com to your external domain's DNS records here. I have seen owa.contoso.com, but honestly it isn't necessary.

by 30.04.2015 / 04:01
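The guidance in the two answers above (include only the host names clients connect to, leave out individual server names and .local names) can be checked against a proposed SAN list before the request is submitted. This is an added example, not code from the thread or from Microsoft; the function names, the sample host names and the internal suffixes other than .local are assumptions.

```python
# Added example: audit a proposed SAN list against the host names clients use.
# All host names below are constructed sample values.

# Assumption: .local comes from the thread; the other suffixes are typical internal-only ones.
NON_PUBLIC_SUFFIXES = (".local", ".internal", ".lan")


def san_matches(san: str, host: str) -> bool:
    """Match one SAN entry against a host name; '*' covers exactly one leftmost label."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if san.startswith("*."):
        head, _, tail = host.partition(".")
        return bool(head) and tail == san[2:]
    return san == host


def is_non_public(name: str) -> bool:
    """Flag single-label names and names under internal-only suffixes."""
    name = name.lower().rstrip(".")
    return "." not in name or name.endswith(NON_PUBLIC_SUFFIXES)


def audit_san(san_names, client_hosts, max_names=None):
    """Report uncovered client host names and SAN entries that should not be there."""
    missing = [h for h in client_hosts
               if not any(san_matches(s, h) for s in san_names)]
    unused = [s for s in san_names
              if not any(san_matches(s, h) for h in client_hosts)]
    non_public = [s for s in san_names if is_non_public(s)]
    over_limit = max_names is not None and len(san_names) > max_names
    return {"missing": missing, "unused": unused,
            "non_public": non_public, "over_limit": over_limit}


# Constructed sample: the names clients connect to, and a proposed SAN list that
# carries an internal server name and an extra alias but omits autodiscover.
CLIENT_HOSTS = ["mail.contoso.com", "autodiscover.contoso.com"]
PROPOSED_SAN = ["mail.contoso.com", "EXCH01.contoso.local", "owa.contoso.com"]

if __name__ == "__main__":
    report = audit_san(PROPOSED_SAN, CLIENT_HOSTS, max_names=3)
    for key, value in report.items():
        print(f"{key}: {value}")
```

A non-empty `missing` list means clients will see name-mismatch warnings; entries in `unused` or `non_public` are names that can be dropped from the request.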

To install the UC certificate on Exchange Server 2013, you need to consider the autodiscover, mail and OWA subdomains.

  • owa.yourdomain.com is required for Outlook Web Access
  • mail.yourdomain.com is required as the mail server host name
  • autodiscover.yourdomain.com for automatic configuration of mail clients, respectively.

You should evaluate your requirements before generating the CSR and configuring SSL on Exchange Server 2013.

by 30.04.2015 / 13:34