Join our community. Excellent content, great people! Like what you see? Join us for free
I'm new to the Server Essentials community and Essentials Server environment so please forgive the rookie questions.
I've followed the detailed tutorials for How to setup Remote Web Access with an SSL certificate on Windows Server Essentials 2016 & How to install Exchange Server 2016 in existing Windows Server Essentials 2016 network.
My question is can you use the same SSL certificate on both for RWA and Exchange 2016, assuming, of course, you have a wildcard or multi- UCC certificate? Can one be imported to the other? If so, how give one is needed for IIS and the other Exchange?
i.e SAN would be remote.server.com for RWA and mail.server.com for exchange.
Welcome to the club! If you have a UCC certificate and the Subject Alternative Names are remote.domain.com and mail.domain.com you can use that certificate for RWA and for Exchange Server. As long as the certificate has the domain names you use in setting up Exchange and RWA you are fine but their is one 'gotcha'.
Most small businesses have only one public IP address. Let's say the public IP address is 188.8.131.52 and I have created Host A records for remote.domain.com and mail.domain.com and both have the public IP address set to 184.108.40.206. On your router or firewall traffic for port 443 should be forwarded to the WSE 2016 server and in this example it is on 192.168.16.5 but I have also an Exchange Server 2016 running at 192.168.16.6. So, how do we get traffic for mail.domain.com routed to the Exchange Server at 192.168.16.6? Here is where the magic happens with ARR Application Request Routing kicking in. It analyses the headers of traffic for mail.domain.com and routes it to the internal IP address of the Exchange Server. This is explained in chapter 9 of How to install Exchange Server 2016 in existing Windows Server Essentials 2016 network
Obviously you need to route traffic for SMTP port 25 to the IP address of your Exchange Server, in my case 192.168.16.6.
Does this help?
Really another question. Will I have success using certify the web to generate the san certificate? Or is that not worth trying.
Yes, I have used Certify the Web successfully with Exchange. It is important that after renewal that you run a custom PS script that tells Exchange about the new certificate.