SAN/UCC certificate question.

TheMSsForum.com: The Microsoft Software Forum

So I've read the exchangeteam blogs regarding certificates, autodiscovery and
various options for getting the certificates setup correctly.

I've come to the conclusion that a UCC certificate would work well for my
situation... but only if I could use it on more than one instance. The
certificate I'm looking at is $599 for 10 Subject Alternative Names. They're
kinda spendy, but they'd be awesome if I could have them on more than 1
Exchange server.

For example if I have a server that has the following names resolved to it
faramir.corp.name.com, mail.name.com, webmail.name.com,
autodiscover.corp.name.com and autodiscover.name.com. But I also have an
additional server (in another country) with the following names resolved to
it gimli.corp.name.com, and mail.name.com.au. I'd like to only pay for 1
certificate. Can I make my CSR for the 7 names off of one server, and then
import it, then export my private key and import it and the public key on the
other server use the 1 certificate on both servers?

Has anyone tried this out? Is this a crazy approach?

Thanks, any comments are appreciated,
Ben
Top

Re: SAN/UCC certificate question. by Bharat

Bharat
Fri Sep 21 09:24:15 PDT 2007

Not a crazy approach, but (single subject name) certs are quite inexpensive.

--
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
exchangepedia.com/blog
----------------------------------------------


"bmchan" <bmchan@discussions.microsoft.com> wrote in message
news:A3C1B1ED-337F-46A2-92DE-673BC98CFD1E@microsoft.com...
> So I've read the exchangeteam blogs regarding certificates, autodiscovery
> and
> various options for getting the certificates setup correctly.
>
> I've come to the conclusion that a UCC certificate would work well for my
> situation... but only if I could use it on more than one instance. The
> certificate I'm looking at is $599 for 10 Subject Alternative Names.
> They're
> kinda spendy, but they'd be awesome if I could have them on more than 1
> Exchange server.
>
> For example if I have a server that has the following names resolved to it
> faramir.corp.name.com, mail.name.com, webmail.name.com,
> autodiscover.corp.name.com and autodiscover.name.com. But I also have an
> additional server (in another country) with the following names resolved
> to
> it gimli.corp.name.com, and mail.name.com.au. I'd like to only pay for 1
> certificate. Can I make my CSR for the 7 names off of one server, and then
> import it, then export my private key and import it and the public key on
> the
> other server use the 1 certificate on both servers?
>
> Has anyone tried this out? Is this a crazy approach?
>
> Thanks, any comments are appreciated,
> Ben


Top

Re: SAN/UCC certificate question. by bmchan

bmchan
Fri Sep 21 09:42:01 PDT 2007

Bharat,
So then you think it'll work?

I know there are godaddy certs for about $20 a year, but I didn't have good
luck getting them to work with Windows Mobile 5 devices and I didn't want to
have to manually spaddcert each mobile device we have.

And then after that we're then looking at about $159 for a single subject
name or about $259 for one with an subject alternative name. The time
involved short term and long term required to manage and correctly provision
the separate certificates aside. With purchasing the certificates
individually that's about $936 by the time I've gotten enough subject
alternative names.

Thanks for the quick reply!
Ben
Top