Yup, this is why I stopped throwing up Windows 7 postings. For the past two to three weeks, I have been testing and deploying an Exchange 2010 environment. Sadly, while doing this the RC came out. Yet, another thing I need to circle around to.
Anyhow, because I like sharing. I wanted to make a couple comments about the deployment:
To start off, for this deployment I decided to use a single wild card certificate. For example, the certificate subject name is set to something like O=My Company Inc.,C=JP and a subject alternative name is set to something like DNS NAME=*.companyabc.com (BTW - this is just my preference).
For those not familiar with wild card certificates, as the name might suggest, these type of certificates allow you to have one certificate for any number of sub-domains under a parent domain. In other words, a wild card certificate allows you to use a single certificate for all of your various Exchange services. Not to mention, you can also use just one certificate on your TMG implementation for any number of other web based services.
Now... when purchasing your wild card certificate... wait... did I say purchase? Here is my opinion. Unless you really need your certificate to be publicly trusted (yeah because everyone trusts VeriSign). Then you should bite the bullet and deploy some form of "internally trusted" PKI within your organization.
Trust me... it's not only Exchange that will be needing certificates. :>) And, be doing this and not paying outrageous prices, you will save yourself a boatload of money.
The next item I wanted to comment on is about an annoying ISA and TMG issue. I was really hoping that they fixed this in TMG. But, like in its previous brethren, TMG still requires that a friendly name be specified for any certificates you try to use. Otherwise, you get a strange error stating the key usage type is wrong (or something to that effect).
Hopefully, they fix that by RTM.
If you like this, check out some other posts from Tyson:
- When a computer science degree matters, and when it doesn't
- Since when did cloud computing become/need a manifesto?
- Why would one phish using a Certificate Authority (CA) as bait?
- Would I trust you, if everyone else trusted you?
- Here is a good question: Is scripting programming or just systems administration?
- PowerShell boy and the case of the missing cmdlets!
- Fun with PowerShell 2.0 Eventing!
- Creating a custom 404 page to handle link redirection for ASP.NET web applications
Or if you want, you can also check out some of Tyson's latest publications:
- Windows PowerShell Unleashed (2ndEdition)
- Windows Server 2008 Unleashed (Yes, I did help on this book)
Lastly, visit the Microsoft Subnet for more news, blogs, and opinions from around the Internet. Or, sign up for the bi-weekly Microsoft newsletter. (Click on News/Microsoft News Alert)