
How to use cert to setup Outlook anywhere and OWA in Exch 2010 server?

This is a new setup of an Exchange 2010 server. I heard that a self-signed certificate is set up during Exchange setup, but I am quite worried that this cert can't support Internet-accessing clients for OWA and Outlook Anywhere. BTW, for both applications, clients access them using different URLs: internally, users access through "exch01.companya.local", and from the Internet through "mail.companya.com". Since the self-signed certificate may not support this, can I use MS CA to do it, and if so, what common name should I put? Please show step-by-step, thanks.
1 Solution
Suliman Abu Kharroub (IT Consultant) commented:
From EMC:

Server Configuration node, Client Access, then right-click on the same name --> Enable Outlook Anywhere.

Complete the wizard and you are done.
Suliman Abu Kharroub (IT Consultant) commented:
You need to install a public certificate on the server. Here is a trusted free public CA you can use to get a certificate for "mail.companya.com": http://www.startssl.com

You need to specify the external name as mail.companya.com.

I use these names:
server (DNS name without internal domain)
servern.domain.local (DNS name, internal)
server.domain.com (DNS name, external)
autodiscover.domain.com (autodiscover external address)

Balack (Author) commented:
How about hosting a 2nd, 3rd, 4th... email domain? For example, right now this Exchange 2010 server is hosting mail.companya.com only. If later I want to host companyb.com, and clients for companyb.com access it through the mail.companyb.com URL, what should I do?
Suliman Abu Kharroub (IT Consultant) commented:
It could be done by creating an accepted domain and an email address policy.

Balack (Author) commented:
Maybe I didn't mention Outlook Anywhere. I am very concerned about the cert for Outlook Anywhere. For example, for companyA.com, the URL configured in clientA's Outlook is https://oa.companyA.com; for companyB.com, the URL configured in clientB's Outlook would be https://oa.companyB.com. So, if I now want to set up HTTPS for companyC.com, can I reuse the same cert for it?

If additional DNS names need to access OWA / Outlook Anywhere / Exchange ActiveSync via this server, you would need to issue a new certificate which includes those names. The certificate should be a SAN / UC certificate and MUST originate from a signed, trusted, 3rd party Certification Authority. GoDaddy offer these certificates at reasonable rates: http://www.godaddy.com.

Whether or not you have to pay again or if you can simply add names and re-issue the certificate is up to the rules set by the CA. GoDaddy would certainly charge you because it is a new certificate. A more expensive CA MAY allow you to add names without paying again, but I can't vouch for that because I don't use them. A certificate is a certificate, and neither my customers, my employer nor I want to pay through the roof for one when a cheaper supplier is available.

You could get away with one certificate by having all companies log in via a unified OWA name, e.g. owa.BalackHosting.com. You would need to consider autodiscover, though: the workaround there is to use SRV records at each domain (_autodiscover._tcp.companyB.com) to point autodiscover to autodiscover.BalackHosting.com, which is listed in the certificate. You then shouldn't need to re-issue the certificate when adding a new company to the system.
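
The SAN certificate request and SRV check described in the answer above, as an added example for the Exchange Management Shell (it is not part of the original thread). It assumes Exchange 2010 SP1 or later; the `C:\certs` paths and the name `autodiscover.companya.com` are hypothetical, while `mail.companya.com` and the SRV record name come from the thread.

```powershell
# Added example. Run in the Exchange Management Shell on the Client Access server.
# Names that clients type or that Outlook looks up. mail.companya.com is from the
# thread; autodiscover.companya.com is an assumed name.
# Add exch01.companya.local only if the issuing CA will sign it: public CAs no
# longer issue certificates for internal names such as .local.
$names = 'mail.companya.com', 'autodiscover.companya.com'

# 1. Generate the request. The first name becomes the subject CN and every
#    name is written to the Subject Alternative Name extension.
$req = New-ExchangeCertificate -GenerateRequest `
    -SubjectName "cn=$($names[0])" `
    -DomainName $names `
    -PrivateKeyExportable $true
Set-Content -Path 'C:\certs\exch01.req' -Value $req   # hypothetical path

# 2. Submit exch01.req to the CA, save the issued certificate as exch01.cer
#    (hypothetical path), then import it to complete the pending request.
$cert = Import-ExchangeCertificate -FileData `
    ([Byte[]]$(Get-Content -Path 'C:\certs\exch01.cer' -Encoding Byte -ReadCount 0))

# 3. Bind the certificate to IIS, which serves OWA, Outlook Anywhere,
#    ActiveSync and Autodiscover.
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services IIS

# 4. Confirm that every required name is actually in the installed certificate.
#    A name missing here is what produces the client certificate warning.
$covered = (Get-ExchangeCertificate -Thumbprint $cert.Thumbprint).CertificateDomains |
    ForEach-Object { "$_" }
$missing = $names | Where-Object { $covered -notcontains $_ }
if ($missing) { Write-Warning "Not in certificate: $($missing -join ', ')" }

# 5. For an additional hosted domain that uses the SRV workaround, check that
#    its record resolves to a host name listed in the certificate.
nslookup -type=SRV _autodiscover._tcp.companyb.com
```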

Balack (Author) commented:
