  1. #1


    Wildcard SSL Renewal

    We currently have a Comodo wildcard premium SSL certificate due for expiry soon. I have been quoted upwards of 300 per year and was wondering where the best place to obtain a new cert from is.

    We will be migrating to Exchange 2010 soon, so do I require a different kind of cert, as our internal domain is different to the external?

  2. #2
    grant_girdwood

    We use Go Daddy for our wildcard cert, we also have a separate certificate for Exchange with Subject Alternative Names.

    However as of 2014/5 you will not be able to reference internal domains as a SAN, not sure what can be done after that time!

  3. #3

    I use Comodo too and never had any issues, I purchase mine from here: Buy Wildcard Certificate | Comodo Premium Wildcard SSL Certificates. I've only needed the basic one at 99 a year.

    You will need to add your wildcard to your Exchange server so external people can access it via HTTPS; you can also add an internal self-published certificate if you wish internal users to connect over HTTPS. What I do is have a copy of DNS internally pointing internally to the Exchange server, i.e. mail.domain.com goes to the internal IP; that way you can set up Outlook to work internally and externally with the server with mail.domain.com.

  4. #4
    mdench

    +1 for GoDaddy

  5. #5

    ZeroHour

    We (EduGeek) literally just bought an AlphaSSL wildcard cert from Cheap, low cost AlphaSSL SSL Certificates issued within 15 minutes, who are a UK-based reseller.
    AlphaSSL certs have some of the best compatibility as they issue from a really really old authority.

  6. #6

    FN-GM

    We got a 5 year one from 123-reg for 300. It has an exportable key as well.

  7. #7

    ZeroHour

    Quote Originally Posted by FN-GM View Post
    It has an exportable key as well.
    They all come with this inherently though, don't they?
    123-reg is a company we use very very regularly here and I have never had an issue with them so they are certainly good.
    What company does 123-reg resell?

  8. #8

    FN-GM

    Quote Originally Posted by ZeroHour View Post
    They all come with this inherently though, don't they?
    123-reg is a company we use very very regularly here and I have never had an issue with them so they are certainly good.
    What company does 123-reg resell?
    Alpha I think.

    Not sure if they do, just can confirm that that one does.

  9. #9

    Quote Originally Posted by grant_girdwood View Post

    However as of 2014/5 you will not be able to reference internal domains as a SAN, not sure what can be done after that time!

    OT: I've been wondering about that.... anyone got any ideas / references for how to deal with this in Exchange 2010? Does it still present a problem in Ex2013?

  10. #10

    FN-GM

    Quote Originally Posted by psydii View Post
    OT: I've been wondering about that.... anyone got any ideas / references for how to deal with this in Exchange 2010? Does it still present a problem in Ex2013?
    I did it in both Exchange 2010 and 2013 by using the internal name and external name as the same. Then used this PowerShell to make Outlook play nice.

    @psydii This PowerShell script will make changing the URLs easy.

    Code:
    #
    # Author: Scott Jaworski
    # Website: jaworskiblog.com
    # Version: 1.0
    # Description: This script sets internal and external URL's on the specified Exchange 2013 Client Access Server
    # then displays the results of all the urls that have been set.
    # How to Use: Copy the text file to a location on the Exchange server. Change the .txt extension to .ps1,
    # Open Exchange Management Shell, Browse to the location of the script in EMS, Run .\Set-Exchange2013Vdirs 
    #
    
    Function Set-Exchange2013Vdirs
    {
    $ExServer = Read-Host "Please enter the Exchange 2013 Server Name you'd like to set Vdirs  " 
    $InternalName = Read-Host "Input the internal domain name eg.. IntMail.domain.com  " 
    $ExternalName = Read-Host "Input the external domain name eg. ExtMail.domain.com  " 
    
    Write-Host "Configuring Directories for $ExServer.." -Foregroundcolor Green
    
    Get-WebservicesVirtualDirectory -Server $ExServer | Set-WebservicesVirtualDirectory -InternalURL https://$InternalName/EWS/Exchange.asmx -ExternalURL https://$externalName/EWS/Exchange.asmx
    Get-OwaVirtualDirectory -Server $ExServer | Set-OwaVirtualDirectory -InternalURL https://$InternalName/owa -ExternalURL https://$ExternalName/owa
    Get-ecpVirtualDirectory -Server $ExServer | Set-ecpVirtualDirectory -InternalURL https://$InternalName/ecp -ExternalURL https://$ExternalName/ecp
    Get-ActiveSyncVirtualDirectory -Server $ExServer | Set-ActiveSyncVirtualDirectory -InternalURL https://$InternalName/Microsoft-Server-ActiveSync -ExternalURL https://$ExternalName/Microsoft-Server-ActiveSync
    Get-OABVirtualDirectory -Server $ExServer | Set-OABVirtualDirectory -InternalUrl https://$InternalName/OAB -ExternalURL https://$ExternalName/OAB
    Set-ClientAccessServer $ExServer -AutodiscoverServiceInternalUri https://$internalName/Autodiscover/Autodiscover.xml
    Set-OutlookAnywhere -Identity "$ExServer\Rpc (Default Web Site)" -InternalHostname $internalName -ExternalHostName $ExternalName -InternalClientAuthenticationMethod ntlm -InternalClientsRequireSsl:$True -ExternalClientAuthenticationMethod Basic -ExternalClientsRequireSsl:$True
    
    
    Write-Host "Vdirs have been set to the following.." -Foregroundcolor Green
    Write-Host "$ExServer EWS"
    Get-WebservicesVirtualDirectory -Server $ExServer |Fl internalURL,ExternalURL
    Write-Host "$ExServer OWA"
    Get-OWAVirtualDirectory -Server $ExServer | Fl internalUrl,ExternalURL
    Write-Host "$ExServer ECP"
    Get-ECPVirtualDirectory -Server $ExServer | Fl InternalURL,ExternalURL
    Write-Host "$ExServer ActiveSync"
    Get-ActiveSyncVirtualDirectory -Server $ExServer | Fl InternalURL,ExternalURL
    Write-Host "$ExServer OAB"
    Get-OABVirtualDirectory -Server $ExServer | Fl InternalURL,ExternalURL
    Write-Host "$ExServer Internal Autodiscover URL"
    Get-ClientAccessServer $ExServer | Fl AutodiscoverServiceInternalUri
    Write-Host "$Exserver Outlook Anywhere Settings"
    Get-OutlookAnywhere -Identity "$ExServer\rpc (Default Web Site)" |fl internalhostname,internalclientauthenticationmethod,internalclientsrequiressl,externalhostname,externalclientauthenticationmethod,externalclientsrequiressl
    
    Write-Host "The Powershell URL have not been set as part of this script. Set it if you choose" -ForegroundColor Yellow
    }
    Set-Exchange2013Vdirs
    Last edited by FN-GM; 9th August 2013 at 01:40 PM.
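
Added example (not part of the thread, and not Scott Jaworski's script): a PowerShell check that every host name used in the internal and external URLs is covered by the certificate's names, and that none is an internal-only name of the kind a public CA will not put in a SAN. The two function names, the host names and the internal-suffix list are assumptions made up for illustration.

```powershell
# Added example. Host names and the internal-suffix list are constructed assumptions.
function Test-NameCoveredByCert {
    param(
        [Parameter(Mandatory=$true)][string]   $HostName,
        [Parameter(Mandatory=$true)][string[]] $CertNames  # subject CN plus SAN DNS names
    )
    $h = $HostName.TrimEnd('.').ToLowerInvariant()
    foreach ($name in $CertNames) {
        $n = $name.TrimEnd('.').ToLowerInvariant()
        if ($n -eq $h) { return $true }
        if ($n.StartsWith('*.')) {
            # A wildcard stands for exactly one left-most label, so *.domain.com
            # covers mail.domain.com but not domain.com or mail.ad.domain.com.
            $suffix = $n.Substring(1)
            if ($h.EndsWith($suffix, [StringComparison]::Ordinal)) {
                $label = $h.Substring(0, $h.Length - $suffix.Length)
                if ($label -and -not $label.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

function Test-InternalOnlyName {
    param([Parameter(Mandatory=$true)][string] $HostName)
    # Single-label hosts and non-public suffixes cannot be validated by a public CA.
    $h = $HostName.TrimEnd('.').ToLowerInvariant()
    return (-not $h.Contains('.')) -or ($h -match '\.(local|lan|internal|corp)$')
}

$certNames = @('*.domain.com')   # constructed: names on the wildcard certificate
$urls = @(                       # constructed: URLs as the script above would set them
    'https://mail.domain.com/owa',
    'https://mail.domain.com/EWS/Exchange.asmx',
    'https://autodiscover.domain.com/Autodiscover/Autodiscover.xml',
    'https://mail.ad.domain.com/ecp',
    'https://exch01.school.local/OAB'
)
$report = foreach ($u in $urls) {
    $hostName = ([uri]$u).Host
    New-Object PSObject -Property @{
        Url           = $u
        CoveredByCert = Test-NameCoveredByCert -HostName $hostName -CertNames $certNames
        InternalOnly  = Test-InternalOnlyName -HostName $hostName
    }
}
$report | Format-Table Url, CoveredByCert, InternalOnly -AutoSize
```

On a real server the URL list would be the InternalURL and ExternalURL values the script prints at the end, and the name list would be the subject and SAN entries of the installed certificate.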

  11. #11

    @FN-GM Thanks, so your internal clients now use the public fqdn to access their CAS? If so, does this mean that you internally report an internal IP address for the fqdn, or do your clients have to send the request out through your edge firewall and back in again to access it?

  12. #12

    FN-GM

    @psydii I have a zone in the DNS for my external domain name. I then have the record in that zone that points to the internal IP of the CAS. The traffic stays internal and doesn't go to the edge firewall and back in again.

  13. #13

    Quote Originally Posted by FN-GM View Post
    @psydii I have a zone in the DNS for my external domain name. I then have the record in that zone that points to the internal IP of the CAS. The traffic stays internal and doesn't go to the edge firewall and back in again.
    Ok. Do you find that clients have any issues as they transition between being inside and outside your networks (e.g. wifi laptops or BYOD phones/tablets)?

  14. #14

    FN-GM

    Quote Originally Posted by psydii View Post
    Ok. Do you find that clients have any issues as they transition between being inside and outside your networks (e.g. wifi laptops or BYOD phones/tablets)?
    No issues at all.
