Solved

How to use cert to setup Outlook anywhere and OWA in Exch 2010 server?

Posted on 2010-11-21
8
757 Views
Last Modified: 2012-05-10
This is a new setup for exchange 2010 server. I heard that there is a self-signed certificate being setup during exch setup. But quite worry that this cert can't support Internet-accessing clients for OWA and Outlook Anywhere. BTW, for both applns, clients accessing them using different URLs. For internal access, user accessing through "exch01.companya.local", and "mail.companya.com" while accessing from Internet. Since self-signed certificate may not supporting, can I use MS CA to do it, and then, what common name should I put? Please show step-by-step, thanks.
0
Comment
Question by:Balack
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 34182645
From EMC,

Server configuration node, client access, then right click on the same name--> enable outlook anywhere.

complete the wizard  and you done.
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 34182655
you need to install a public certificate on the server. here is a Trusted Free public CA you can use to get a certificate for "mail.companya.com" : http://www.startssl.com 

You need to specify the external name as mail.companya.com.
0
 
LVL 3

Expert Comment

by:itstod
ID: 34183256
Hello.

I use theese names
SERVER (NETBIOS name)
server (dns name without internal domain)
servern.domain.local (dns name internal)
server.domain.com (dns external)
autodiscover.domain.com ( autodiscover external adress.)

0
Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

 

Author Comment

by:Balack
ID: 34184939
How about to host 2nd, 3rd, 4th... email domains? For example, now, this exch 2010 is hosting for mail.companya.com only. If next time, I want to host companyb.com, and clients for companyb.com is accessing thru mail.companyb.com URL, what should I do?
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 34185109
It could be done by creating accepted domain and email address policy.

http://technet.microsoft.com/en-us/library/aa996314.aspx
0
 

Author Comment

by:Balack
ID: 34185410
May be I didn't mention about Outlook anywhere. I am very concern about cert for outlook anywhere. For example, companyA.com, the URL that configured on clientA's outlook is https://oa.companyA.com; For companyB.com, the URL that configured on clientB's outlook would be https://oa.companyB.com; So, if now I want to setup https for companyC.com, can I use back the same cert for it?
0
 
LVL 58

Accepted Solution

by:
tigermatt earned 500 total points
ID: 34221962

If additional DNS names need to access OWA / Outlook Anywhere / Exchange Activesync via this server, you would need to issue a new certificate which includes those names. The certificate should be a SAN / UC certificate and MUST originate from a signed, trusted, 3rd party Certification Authority. GoDaddy offer these certificates at reasonable rates: http://www.godaddy.com.

Whether or not you have to pay again or if you can simply add names and re-issue the certificate is up to the rules set by the CA. GoDaddy would certainly charge you because it is a new certificate. A more expensive CA MAY allow you to add names without paying again, but I can't vouch for that because I don't use them. A certificate is a certificate, and my customers, my employer nor myself want to pay through the roof for one when a cheaper supplier is available.

You could get away with one certificate by having all companies log in via a unified OWA name, e.g. owa.BalackHosting.com. You would need to consider autodiscover, though: the workaround there is to use SRV records at each domain (_autodiscover._tcp.companyB.com) to point autodiscover to autodiscover.BalackHosting.com, which is listed in the certificate. You then shouldn't need to re-issue the certificate when adding a new company to the system.

-Matt
0
 

Author Closing Comment

by:Balack
ID: 34264247
good
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
Suggested Courses

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question