On 08/12/2009 09:50 AM, Goetz Babin-Ebell wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
deblarinteln schrieb:
| Hi,
|
| well I have to create a certificate for our maindomian as well as
for some
| subdomains.
|
| The structure will look pretty much like this:
|
| mydomain.tld
| mail.mydomain.tld
| owa.mydomain.tld
It is called subjectAltName extension.
Goetz
On 08/12/2009 03:15 AM, deblarinteln wrote:
> Hi,
>
> well I have to create a certificate for our maindomian as well as for
some
> subdomains.
>
> The structure will look pretty much like this:
>
> mydomain.tld
> mail.mydomain.tld
> owa.mydomain.tld
>
> ...
>
http://sandbox.rulemaker.net/ngps/m2/howto.ca.html -- To be your own CA.
http://www.openssl.org/docs/apps/x509v3_config.html#Subject_Alternative_Name_
--- What Goetz was getting at.
subjectAltName=DNS: mydomain.tld
subjectAltName=DNS: mail.mydomain.tld
subjectAltName=DNS: owa.mydomain.tld
...
So and so forth. (via OpenSSL)
I do believe that Exchange 2007 you're able to use the
New-ExchangeCertificate cmdlet to create a SAN self-signed certificate,
if you want to go that route. Unless you're looking to be your own CA.
http://technet.microsoft.com/en-us/library/aa998327.aspx
> Has anyone of you an idea how to get that done, so that the cert can
finally
> be imported/installed on the exchange 2007 server? What I have found
so far
> is that the Exchange server has to get a .cer file.
>
> All your help is highly appreciated!
>
> Thanks in advance
> Niels
Exchange 2007 will accept either a PKCS7(CER, usually) file -or- a PEM
encoded CRT file.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
