Originally Posted by sidewinder
Yep any educational institution
For a SAN cert, you need to create the cert request (so for you, in Exchange, at the end of the wizard you should have all your SAN names).
Apply for the cert order; as soon as you get your cert order email with the order number, make a support ticket and state you would like a free SAN cert, and write down the SAN names you need along with your order number.
Help, I'm about to make a cert request but need some pointers on the last few fields. I've half filled it in but I think I need to make an LDAP request to make sure I fill in the last few fields correctly.
c should equal UK?
New-ExchangeCertificate -GenerateRequest -DomainName bemail.beaminster.dorset.sch.uk, autodiscover.beaminster.dorset.sch.uk, exchange.dcc-sch-4505.local, exchange -FriendlyName beaminsterschexchange -KeySize 1024 -PrivateKeyExportable:$True -SubjectName "c=US, o=contoso inc, CN=server01.contoso.com" -Path c:\certrequest.txt
o ? I can't find organisation in Active Directory?
cn should equal the server's local or public name?
external name bemail.beaminster.dorset.sch.uk
internal name exchange.dcc-sch-4505.local
I don't have the autodiscover service working (I think) but I don't see the harm in including it. All my 2003 and 2010 Outlook clients work fine, as do the OWA clients. I have to set them up by hand but no biggie.
Personally I would not do it this way. I would advise you, if you haven't already, to add "beaminster.dorset.sch.uk" as a DNS zone in your internal DNS server(s). Add bemail as an A record in that zone. You can then configure your Exchange server to use the same name internally and externally (bemail.beaminster.dorset.sch.uk); this will make it a ton easier, being the same. Personally, to make sure you have not gone wrong with PowerShell code, you can create the SSL cert in the Exchange console.
@pritchardavid Yes, that is the way for single name certs. Which I now realize I have to do as the UC certs are not free :(
Do I have to set up a DNS zone? I can already ping bemail.beaminster.dorset.sch.uk locally and get the local IP address. (And I can RDP to it using bemail.)
This may upset my outlook clients as they connect to exchange.dcc-sch-4505.local ?
What is your internal domain? Is it... dcc-sch-4505.local? What did you request/get for your certificate in the end? The advantage of using the internal DNS zone is that it is quicker (it doesn't have to access the internet to find DNS records).
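
The name question running through this thread (single-name certificate versus SAN certificate, and which name the Outlook clients connect to) can be checked before ordering. The following is an added example, not part of any post above: Test-CertNameCoverage is a hypothetical helper, the host names are the ones quoted in the thread, and the single-name certificate list is constructed.

```powershell
# Added example. Reports which client-facing host names a certificate's
# names (subject CN plus SAN DNS entries) would cover.
function Test-CertNameCoverage {
    param(
        [string[]]$ClientNames,   # host names clients actually connect to
        [string[]]$CertNames      # subject CN plus any SAN DNS names on the cert
    )
    foreach ($name in $ClientNames) {
        $match = $null
        foreach ($certName in $CertNames) {
            # Exact, case-insensitive match.
            if ($certName -ieq $name) { $match = $certName; break }
            # A wildcard covers exactly one left-most label:
            # *.example.org matches a.example.org but not a.b.example.org.
            if ($certName.StartsWith('*.') -and $name.Contains('.')) {
                $parent = $name.Substring($name.IndexOf('.') + 1)
                if ($parent -ieq $certName.Substring(2)) { $match = $certName; break }
            }
        }
        [pscustomobject]@{
            ClientName = $name
            Covered    = [bool]$match   # $false means clients see a name-mismatch warning
            MatchedBy  = $match
        }
    }
}

# Names clients use today, as described in the thread.
$clientNames = 'bemail.beaminster.dorset.sch.uk', 'exchange.dcc-sch-4505.local'

# Single-name certificate (constructed): only the external name is present,
# so the internal .local name is reported as not covered.
Test-CertNameCoverage -ClientNames $clientNames `
    -CertNames 'bemail.beaminster.dorset.sch.uk'

# Name list from the SAN request posted in the thread: both names are covered.
Test-CertNameCoverage -ClientNames $clientNames -CertNames @(
    'bemail.beaminster.dorset.sch.uk',
    'autodiscover.beaminster.dorset.sch.uk',
    'exchange.dcc-sch-4505.local',
    'exchange'
)
```

On the Exchange server itself, the name list for an installed certificate can be taken from the CertificateDomains property that Get-ExchangeCertificate returns.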