SSL Certificate for both RWA on Windows Server Essentials 2016 & Exchange Server 2016

Hi Everyone,

I'm new to the Server Essentials community and Essentials Server environment so please forgive the rookie questions.

I've followed the detailed tutorials for How to setup Remote Web Access with an SSL certificate on Windows Server Essentials 2016 & How to install Exchange Server 2016 in existing Windows Server Essentials 2016 network.

My question is: can you use the same SSL certificate for both RWA and Exchange 2016, assuming, of course, you have a wildcard or multi- UCC certificate? Can one be imported to the other? If so, how, given one is needed for IIS and the other for Exchange?

i.e. SAN would be remote.server.com for RWA and mail.server.com for Exchange.

Thanks, Joe

Joe Cesarano
Published 04/24/2018 07:51
  • Essentials Experience Role
  • Exchange Server 2016
  • Remote Web Access
Mariette Knap

Hi Joe,

Welcome to the club! If you have a UCC certificate and the Subject Alternative Names are remote.domain.com and mail.domain.com you can use that certificate for RWA and for Exchange Server. As long as the certificate has the domain names you use in setting up Exchange and RWA you are fine, but there is one 'gotcha'.

Most small businesses have only one public IP address. Let's say the public IP address is 86.145.145.2 and I have created Host A records for remote.domain.com and mail.domain.com and both have the public IP address set to 86.145.145.2. On your router or firewall, traffic for port 443 should be forwarded to the WSE 2016 server, and in this example it is on 192.168.16.5, but I also have an Exchange Server 2016 running at 192.168.16.6. So, how do we get traffic for mail.domain.com routed to the Exchange Server at 192.168.16.6? Here is where the magic happens, with ARR (Application Request Routing) kicking in. It analyses the headers of traffic for mail.domain.com and routes it to the internal IP address of the Exchange Server. This is explained in chapter 9 of How to install Exchange Server 2016 in existing Windows Server Essentials 2016 network.

Obviously you need to route traffic for SMTP port 25 to the IP address of your Exchange Server, in my case 192.168.16.6.

Does this help?

replied 04/24/2018 08:25
Don Thompson

Really another question. Will I have success using Certify the Web to generate the SAN certificate? Or is that not worth trying?

replied 10/04/2018 17:22
Mariette Knap

Hello Don,

Yes, I have used Certify the Web successfully with Exchange. It is important that after renewal you run a custom PS script that tells Exchange about the new certificate.

replied 10/04/2018 17:34
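A post-renewal script of the kind mentioned in the reply above, added here as an example and not taken from the thread or from either product's documentation: it refuses to bind a renewed certificate that does not cover both host names, then hands it to Exchange. Assumptions: Certify the Web runs on the Exchange server and passes a `$result` object exposing `ManagedItem.CertificateThumbprintHash`, the certificate lands in `LocalMachine\My`, and the host names are the thread's example names.

```powershell
# Added example (not from the thread). Assumes Certify the Web calls this
# script with a $result object carrying the renewed certificate's thumbprint.
param($result)

# Host names from the thread's example; replace with your own.
$requiredNames = @('remote.domain.com', 'mail.domain.com')

function Test-NameCovered {
    param([string]$HostName, [string[]]$CertNames)
    foreach ($name in $CertNames) {
        if ($name -eq $HostName) { return $true }   # -eq ignores case
        # A wildcard covers exactly one left-most label: *.domain.com matches
        # mail.domain.com but not domain.com or a.mail.domain.com.
        if ($name.StartsWith('*.')) {
            $suffix = $name.Substring(1)            # ".domain.com"
            if ($HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
                $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                if ($label -and -not $label.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

$thumbprint = $result.ManagedItem.CertificateThumbprintHash
$cert = Get-Item -Path "Cert:\LocalMachine\My\$thumbprint" -ErrorAction Stop
if (-not $cert.HasPrivateKey) { throw "Certificate $thumbprint has no private key." }

# DNS names on the certificate, as exposed by the certificate provider.
$certNames = @($cert.DnsNameList | ForEach-Object { $_.Unicode })
$missing = @($requiredNames | Where-Object { -not (Test-NameCovered $_ $certNames) })
if ($missing.Count -gt 0) {
    throw "Certificate $thumbprint does not cover: $($missing -join ', ')"
}

# Load the Exchange cmdlets and bind the certificate to IIS (443) and SMTP (25).
# -Force suppresses the prompt about replacing the default SMTP certificate.
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn -ErrorAction Stop
Enable-ExchangeCertificate -Thumbprint $thumbprint -Services IIS,SMTP -Force
```

Because the script throws before `Enable-ExchangeCertificate` when a name is missing, the previous certificate stays bound and the failure shows up in the renewal log instead of as client certificate warnings.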