I’v just started looking into buying a new cert to upgrade from our 2003 SBS server to Exchange 2010.
Since Exchange 2010 uses 3 (in our case) subdomains then would that mean we need to have 3 external IP addresses too?
As each of these domains are used both internally and externally.
mail.company.com autodiscover.company.com legacy.company.com
Or am I missing something?
I know with web servers you can use SNI to get multiple certs on one IP, but I also know that this isn’t supported to well with older browsers, thus people tend to not use SNI.
Only if you need to support Windows XP/2003 clients must you avoid SNI. Vista/2008 and later have full support for SNI. For more, see Multiple SSL domains on the same IP address and same port?
You could also use a wildcard certificate, or a certificate using multiple subject alternate names, sometimes marketed as a “unified communication” certificate; such a certificate would allow you to continue using a single IPv4 address.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.