Certificate purchase
craignoz said 1 year, 9 months ago:
I have multiple servers in my environment which are going to be requiring certificates from a public CA.
I have:
1 Microsoft Lync Server – 5 SANs required
1 Microsoft Lync Edge Server – 1 SAN required
1 Microsoft Exchange Server – 5 SANs required
1 Microsoft SharePoint Server – 1 SAN required
1 IBM Server – 2 SANs required
1 Microsoft Forefront TMG Server – No SANs for reverse proxy to my Lync Edge server and SharePoint server to allow external access to resources
Among all these I am going to need a certificate to get them all up on the internet. There are 14 SAN names between 2 different domains: one is internal, let's say internaldomain.co.uk, and the other external, let's say domain.com.
As well as these SANs I'm also thinking about adding http://www.domain.com to the certificate for future usage.
I've noticed GoDaddy do a UC certificate which supports up to 5 domains and 100 SANs. If I buy one of these and put all the SANs onto it and both domains, will I be able to use it with all these servers without issue?
As well as this, does it matter what I put as the main subject name or can it just be any one of the SANs?
I know wildcard certs don't work well with Lync so I am not going to be buying one of those.
If this is in the wrong place can someone let me know where I need to post it please.
Thanks
DaveD said 1 year, 9 months ago:
@craignoz
From what I could find it seems that there should not be any issue using a UC Certificate to secure the hostnames on these servers. However, I did notice that you used a .CO.UK extension in your example for the internal name. Because all public domains on a certificate must be verified by the administrator, you would not be able to use a public TLD with an internal name unless you also owned the public domain. However, you would be able to use .LAN, .LOCAL, etc.
As for the primary name on the certificate, know that our certificates cover both the www and non-www versions of the primary common name, while the SANs are only included exactly as entered. As a result, if you wanted to secure both versions of one of your hosts you would likely want it to be the primary name. However, know that the primary common name on the certificate cannot be changed once the certificate is issued, whereas you can add or remove SANs at any time.
craignoz said 1 year, 9 months ago:
Thanks Dave.
Yeah, my internal domain is .co.uk (I have inherited it from a previous admin unfortunately). I also own the .co.uk so I should be ok to use it for certificates.
craignoz said 1 year, 9 months ago:
Ok,
So does that mean I can have one name as my main subject name, say http://www.domain.com, and all the other required names as SANs, and then I can use the certificate for all my requirements?
DaveD said 1 year, 9 months ago:
@craignoz
Yes, you should be able to use this certificate to meet all of your requirements. You will just want to make sure that the primary common name you select is one that will not change since you cannot modify it after the certificate is issued.
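The naming rule described in this thread (the primary common name covers its www and non-www forms, each SAN matches only exactly as entered) can be checked against a server inventory before ordering. The following is an added example, not code from any poster or from the CA; the hostnames in the inventory are hypothetical, and only the two domains and the 100-SAN limit come from the thread.

```python
# Added example: plans the SAN list for one multi-name (UC) certificate.
# Rule modelled (from the thread): the primary common name covers its www
# and non-www forms; every SAN is matched exactly as entered.
MAX_SANS = 100  # SAN limit quoted in the thread for the UC certificate


def normalize(name):
    """Lower-case a hostname and drop any trailing dot."""
    return name.strip().lower().rstrip(".")


def primary_coverage(primary):
    """Names covered by the primary common name alone."""
    bare = normalize(primary)
    if bare.startswith("www."):
        bare = bare[4:]
    return {bare, "www." + bare}


def plan_sans(primary, inventory):
    """Return the sorted SANs to request for {server: [hostnames]}."""
    needed = {normalize(h) for hosts in inventory.values() for h in hosts}
    sans = sorted(needed - primary_coverage(primary))
    if len(sans) > MAX_SANS:
        raise ValueError(f"{len(sans)} SANs exceeds the limit of {MAX_SANS}")
    return sans


def uncovered(primary, sans, inventory):
    """Map each server to the hostnames the certificate would not cover."""
    covered = primary_coverage(primary) | {normalize(s) for s in sans}
    gaps = {}
    for server, hosts in inventory.items():
        missing = [h for h in hosts if normalize(h) not in covered]
        if missing:
            gaps[server] = missing
    return gaps


# Constructed inventory: hostnames are hypothetical; only the two domains
# (domain.com, internaldomain.co.uk) come from the thread.
INVENTORY = {
    "lync": ["sip.domain.com", "lync01.internaldomain.co.uk"],
    "exchange": ["mail.domain.com", "autodiscover.domain.com"],
    "sharepoint": ["portal.domain.com", "www.portal.domain.com"],
    "web": ["domain.com", "www.domain.com"],
}

if __name__ == "__main__":
    sans = plan_sans("www.domain.com", INVENTORY)
    print("SANs to request:", sans)
    # Dropping one SAN shows the exact-match rule: www.portal is not implied.
    print("Gaps:", uncovered("www.domain.com", sans[:-1], INVENTORY))
```

Because the primary name cannot be changed after issuance, run the plan with each candidate primary name and pick the one whose www/non-www pair you expect to keep longest.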