locked
UM certificate requirement? RRS feed

  • Question

  • I've heard conflicting things.  Some people say that for UM to work, the servername can be ANYWHERE in the certificate. 

    For example:
    CN = mail.domain.com
    SAN = mail.domain.com
    SAN = servername.domain.com
    SAN = autodiscover.domain.com

    On the other hand, I've heard people say for UM to OCS integration to work, the servername has to be either the CN or the 1st SAN.

    For example:
    CN = servername.domain.com
    SAN = servername.domain.com
    SAN = mail.domain.com
    SAN = autodiscover.domain.com

    Can anyone who has actually done this please let me know whether you actually NEED the servername FQDN listed in the CN and 1st SAN for it to work with OCS integration or can you have it anywhere in the certificate.

    Thanks.


    Saturday, May 17, 2008 1:46 AM

All replies

  • SAN should not be a problem

    Tuesday, May 20, 2008 11:15 PM
  • Additoinally, what you've heard about the certificates requiring the Subject Name to match the first entry in the Subject Alternative Name field may have been in relation to ISA 2006 (and not OCS), which currently has that limitation.
    Wednesday, May 21, 2008 1:07 AM
    Moderator