Good stuff, thanks Ace.

I'm the guy that's never used a 3rd party cert, ever, with SBS ;-). Always
used the self signed certs, and always able to make them do. Worst case is
locked mobile devices, but that's worked around by converting the cert to a
..cab file.

--
-----------------------------------------------
Les Connor [SBS MVP]

"Ace Fekay [MCT]" <aceman@newsgroup> wrote in message
news:#hk4S5gQKHA.3296@newsgroup

> "Bill Glidden" <bill@newsgroup> wrote in message
> news:eggAprYQKHA.4004@newsgroup

>> Les Connor [SBS MVP] wrote:

>>> ps, you can change remote.blah.blah to office.blah.blah in the SBS
>>> wizard by selecting the 'advanced' button. 'remote' is the default
>>> prefix.
>>>

>> Oh, and Les, I can now see and select the Trusted cert in the Wizard. I
>> can also see the for GoDaddy certs that I installed during the saga. All
>> have type=unknown. AND no more Outlook Security nags.
>>
>> Thanks for helping me sort this and pointing me in the general direction
>> of SBS Console, Advanced Mode!
>>
>> Cheers,
>> Bill

>
>
> Les, with an Exchange UC/SAN certificate, you can add those names into one
> cert. The one certificate will allow multiple names added into the
> certificate in what's called a subjective alternate names list. Once
> you've purchased, or have your current certs modified or combined into one
> certificate by GoDaddy (Exchange can use a single cert with multiple names
> and they should be able to combine all of them into one for you and
> pro-rate the price), you can use the Exchange PowerShell Commands to add
> the services the cert will be used for.
>
> Read the following for more info. I also just added a step-by-step in the
> blog, today, to illustrate how to request and import the new cert, as well
> as how to enable the use of the cert for other services, such as IIS,
> SMTP, IMAP, POP, etc. Enabling it for IIS will work for what you want, as
> long as the names that you need, such as rww.domain.com,
> office.domain.com, or whatever else you need, is in the certificate
> subject alternate names list. The manual methods work with SBS 2008, too.
>
> Exchange 2007 UC/SAN Certificate
> http://msmvps.com/blogs/acefekay/arc...rtificate.aspx
>
>
> --
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Please reply back to the newsgroup or forum for collaboration benefit
> among responding engineers, and to help others benefit from your
> resolution.
>
> Ace Fekay, MCT, MCTS 2008, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA
> Messaging
> Microsoft Certified Trainer
>
> For urgent issues, please contact Microsoft PSS directly. Please check
> http://support.microsoft.com for regional support phone numbers.
>

no worries, we're all in this together ;-)

--
-----------------------------------------------
Les Connor [SBS MVP]

"Ace Fekay [MCT]" <aceman@newsgroup> wrote in message
news:OIybw5gQKHA.3908@newsgroup

> "Bill Glidden" <bill@newsgroup> wrote in message
> news:eggAprYQKHA.4004@newsgroup

>> Les Connor [SBS MVP] wrote:

>>> ps, you can change remote.blah.blah to office.blah.blah in the SBS
>>> wizard by selecting the 'advanced' button. 'remote' is the default
>>> prefix.
>>>

>> Oh, and Les, I can now see and select the Trusted cert in the Wizard. I
>> can also see the for GoDaddy certs that I installed during the saga. All
>> have type=unknown. AND no more Outlook Security nags.
>>
>> Thanks for helping me sort this and pointing me in the general direction
>> of SBS Console, Advanced Mode!
>>
>> Cheers,
>> Bill

>
>
> I meant to address my last post to Bill, not Les. Sorry....
>

"Les Connor [SBS MVP]" <les.connor@newsgroup> wrote in message
news:uYfMlOhQKHA.1232@newsgroup

> no worries, we're all in this together ;-)

Cool, yes we are! :-)

Thanks!

"Les Connor [SBS MVP]" <les.connor@newsgroup> wrote in message
news:%23aogTOhQKHA.5068@newsgroup

> Good stuff, thanks Ace.
>
> I'm the guy that's never used a 3rd party cert, ever, with SBS ;-). Always
> used the self signed certs, and always able to make them do. Worst case is
> locked mobile devices, but that's worked around by converting the cert to
> a .cab file.
>

For my own Ex2007, I never bought a public cert, but I haven't any cases
where I would need it. When connecting to OWA, I would just click on the
trust this cert message. However, I just replaced my BB with an HTC Touch
Pro 2 I picked up last night. Cool phone. Screen's a hair larger than the
iPhone, brighter, too! However, it's Windows Mobile. Guess what? Cert issue
time! So instead of dealing with the cert, I thought let me just get a
single name cert (non UC/SAN) and see if it works. Since I set this domain
up back in 1999 when AD first came out, the mindset and consensus was to use
your public name, so I never changed that. It's only me and a few people
that use the domain. So I figured, what the heck, a single name cert would
work internally and externally for mail.mydomain.com, and I have the same
record created internally. Well, the thing worked fine with the Windows
mobile. It synched up fine. It also works fine for my OWA site, since you
can enable that in Exchange to use the cert for other purposes other than
just internally, such as for IIS, SMTP, IMAP and POP. However, I know I will
have an issue with Outlook Anywhere due to the Autodiscover record, but I
don;t use that anyway. If it comes down to it, and I need that function, I
will dish out the extra $$ for a UC/SAN cert. And here I am using a single
cert for limited capabilities, but I keep pushing to get a UC/SAN cert to my
customers. I figured if they ever need the other functionality, I don;t want
to deal with installing certs on their mobile units, or some of their remote
employees that hardly come into the office and are using Outlook Anywhere.

I guess you can call me the landscaper with the tallest lawn on the block!
:-)

Ace

Ace Fekay [MCT] wrote:

> "Les Connor [SBS MVP]" <les.connor@newsgroup> wrote in message
> news:%23aogTOhQKHA.5068@newsgroup

>> Good stuff, thanks Ace.
>>
>> I'm the guy that's never used a 3rd party cert, ever, with SBS ;-). Always
>> used the self signed certs, and always able to make them do. Worst case is
>> locked mobile devices, but that's worked around by converting the cert to
>> a .cab file.
>>

>
> For my own Ex2007, I never bought a public cert, but I haven't any cases
> where I would need it. When connecting to OWA, I would just click on the
> trust this cert message. However, I just replaced my BB with an HTC Touch
> Pro 2 I picked up last night. Cool phone. Screen's a hair larger than the
> iPhone, brighter, too! However, it's Windows Mobile. Guess what? Cert issue
> time! So instead of dealing with the cert, I thought let me just get a
> single name cert (non UC/SAN) and see if it works. Since I set this domain
> up back in 1999 when AD first came out, the mindset and consensus was to use
> your public name, so I never changed that. It's only me and a few people
> that use the domain. So I figured, what the heck, a single name cert would
> work internally and externally for mail.mydomain.com, and I have the same
> record created internally. Well, the thing worked fine with the Windows
> mobile. It synched up fine. It also works fine for my OWA site, since you
> can enable that in Exchange to use the cert for other purposes other than
> just internally, such as for IIS, SMTP, IMAP and POP. However, I know I will
> have an issue with Outlook Anywhere due to the Autodiscover record, but I
> don;t use that anyway. If it comes down to it, and I need that function, I
> will dish out the extra $$ for a UC/SAN cert. And here I am using a single
> cert for limited capabilities, but I keep pushing to get a UC/SAN cert to my
> customers. I figured if they ever need the other functionality, I don;t want
> to deal with installing certs on their mobile units, or some of their remote
> employees that hardly come into the office and are using Outlook Anywhere.
>
> I guess you can call me the landscaper with the tallest lawn on the block!
> :-)
>
> Ace
>
>

Thanks for all the good info, Ace.

Bill

"Bill Glidden" <bill@newsgroup> wrote in message
news:4AC4AB1E.6090302@newsgroup

> Ace Fekay [MCT] wrote:

>> "Les Connor [SBS MVP]" <les.connor@newsgroup> wrote in message
>> news:%23aogTOhQKHA.5068@newsgroup

>>> Good stuff, thanks Ace.
>>>
>>> I'm the guy that's never used a 3rd party cert, ever, with SBS ;-).
>>> Always used the self signed certs, and always able to make them do.
>>> Worst case is locked mobile devices, but that's worked around by
>>> converting the cert to a .cab file.
>>>

>>
>> For my own Ex2007, I never bought a public cert, but I haven't any cases
>> where I would need it. When connecting to OWA, I would just click on the
>> trust this cert message. However, I just replaced my BB with an HTC Touch
>> Pro 2 I picked up last night. Cool phone. Screen's a hair larger than the
>> iPhone, brighter, too! However, it's Windows Mobile. Guess what? Cert
>> issue time! So instead of dealing with the cert, I thought let me just
>> get a single name cert (non UC/SAN) and see if it works. Since I set this
>> domain up back in 1999 when AD first came out, the mindset and consensus
>> was to use your public name, so I never changed that. It's only me and a
>> few people that use the domain. So I figured, what the heck, a single
>> name cert would work internally and externally for mail.mydomain.com, and
>> I have the same record created internally. Well, the thing worked fine
>> with the Windows mobile. It synched up fine. It also works fine for my
>> OWA site, since you can enable that in Exchange to use the cert for other
>> purposes other than just internally, such as for IIS, SMTP, IMAP and POP.
>> However, I know I will have an issue with Outlook Anywhere due to the
>> Autodiscover record, but I don;t use that anyway. If it comes down to it,
>> and I need that function, I will dish out the extra $$ for a UC/SAN cert.
>> And here I am using a single cert for limited capabilities, but I keep
>> pushing to get a UC/SAN cert to my customers. I figured if they ever need
>> the other functionality, I don;t want to deal with installing certs on
>> their mobile units, or some of their remote employees that hardly come
>> into the office and are using Outlook Anywhere.
>>
>> I guess you can call me the landscaper with the tallest lawn on the
>> block! :-)
>>
>> Ace

> Thanks for all the good info, Ace.
>
> Bill

You are welcome!

Ace

Ace Fekay [MCT] wrote:

> "Les Connor [SBS MVP]" <les.connor@newsgroup> wrote in message
> news:%23aogTOhQKHA.5068@newsgroup

>> Good stuff, thanks Ace.
>>
>> I'm the guy that's never used a 3rd party cert, ever, with SBS ;-). Always
>> used the self signed certs, and always able to make them do. Worst case is
>> locked mobile devices, but that's worked around by converting the cert to
>> a .cab file.
>>

>
> For my own Ex2007, I never bought a public cert, but I haven't any cases
> where I would need it. When connecting to OWA, I would just click on the
> trust this cert message. However, I just replaced my BB with an HTC Touch
> Pro 2 I picked up last night. Cool phone. Screen's a hair larger than the
> iPhone, brighter, too! However, it's Windows Mobile. Guess what? Cert issue
> time! So instead of dealing with the cert, I thought let me just get a
> single name cert (non UC/SAN) and see if it works. Since I set this domain
> up back in 1999 when AD first came out, the mindset and consensus was to use
> your public name, so I never changed that. It's only me and a few people
> that use the domain. So I figured, what the heck, a single name cert would
> work internally and externally for mail.mydomain.com, and I have the same
> record created internally. Well, the thing worked fine with the Windows
> mobile. It synched up fine. It also works fine for my OWA site, since you
> can enable that in Exchange to use the cert for other purposes other than
> just internally, such as for IIS, SMTP, IMAP and POP. However, I know I will
> have an issue with Outlook Anywhere due to the Autodiscover record, but I
> don;t use that anyway. If it comes down to it, and I need that function, I
> will dish out the extra $$ for a UC/SAN cert. And here I am using a single
> cert for limited capabilities, but I keep pushing to get a UC/SAN cert to my
> customers. I figured if they ever need the other functionality, I don;t want
> to deal with installing certs on their mobile units, or some of their remote
> employees that hardly come into the office and are using Outlook Anywhere.
>
> I guess you can call me the landscaper with the tallest lawn on the block!
> :-)
>
> Ace
>
>

Thanks for all the good info, Ace.

Bill

SBS 2k8 deploys the self signed cert onto WM6 automatically. I have an HTC
diamond touch, no issues at all.

--
-----------------------------------------------
Les Connor [SBS MVP]

"Ace Fekay [MCT]" <aceman@newsgroup> wrote in message
news:eBb$ZNlQKHA.3876@newsgroup

> "Les Connor [SBS MVP]" <les.connor@newsgroup> wrote in message
> news:%23aogTOhQKHA.5068@newsgroup

>> Good stuff, thanks Ace.
>>
>> I'm the guy that's never used a 3rd party cert, ever, with SBS ;-).
>> Always used the self signed certs, and always able to make them do. Worst
>> case is locked mobile devices, but that's worked around by converting the
>> cert to a .cab file.
>>

>
> For my own Ex2007, I never bought a public cert, but I haven't any cases
> where I would need it. When connecting to OWA, I would just click on the
> trust this cert message. However, I just replaced my BB with an HTC Touch
> Pro 2 I picked up last night. Cool phone. Screen's a hair larger than the
> iPhone, brighter, too! However, it's Windows Mobile. Guess what? Cert
> issue time! So instead of dealing with the cert, I thought let me just get
> a single name cert (non UC/SAN) and see if it works. Since I set this
> domain up back in 1999 when AD first came out, the mindset and consensus
> was to use your public name, so I never changed that. It's only me and a
> few people that use the domain. So I figured, what the heck, a single
> name cert would work internally and externally for mail.mydomain.com, and
> I have the same record created internally. Well, the thing worked fine
> with the Windows mobile. It synched up fine. It also works fine for my OWA
> site, since you can enable that in Exchange to use the cert for other
> purposes other than just internally, such as for IIS, SMTP, IMAP and POP.
> However, I know I will have an issue with Outlook Anywhere due to the
> Autodiscover record, but I don;t use that anyway. If it comes down to it,
> and I need that function, I will dish out the extra $$ for a UC/SAN cert.
> And here I am using a single cert for limited capabilities, but I keep
> pushing to get a UC/SAN cert to my customers. I figured if they ever need
> the other functionality, I don;t want to deal with installing certs on
> their mobile units, or some of their remote employees that hardly come
> into the office and are using Outlook Anywhere.
>
> I guess you can call me the landscaper with the tallest lawn on the block!
> :-)
>
> Ace
>

"Bill Glidden" <bill@newsgroup> wrote in message
news:uZPt15tQKHA.1280@newsgroup

>
> Thanks for all the good info, Ace.
>
> Bill
>

You are welcome!

Ace

"Les Connor [SBS MVP]" <les.connor@newsgroup> wrote in message
news:uL7fRlxQKHA.4592@newsgroup

> SBS 2k8 deploys the self signed cert onto WM6 automatically. I have an HTC
> diamond touch, no issues at all.
>

That I didn't know. Thanks!

Ace