Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


How to go from UCC SSL Certificate for Autodiscover, OWA e.t.c. to simple self signed certificate on Server 2008 SBS

Posted on 2011-02-11
Medium Priority
Last Modified: 2012-05-11
Hi all,

For reasons best not explained I have a few 2008 SBS Servers which were set up in an overly complicated way with regard to SSL.  I was originally told that to get SBS running properly I had to create external sub domains for autodiscover.domain.com and owa.autodiscover.com e.t.c then get a multi domain (UCC) SSL certificate to cover all the various names and I've done all of this and everything has worked fine.  I've since found out that I no longer need to go down this route and Server 2008 has been tweaked to make things a bit easier.  I've been told that really I could make do with a simple self-signed certificate generated by the server and with just that autodiscover, OWA, Outlook Anywhere e.t.c. will still work just fine.

My question is, how can I "convert" a server that has an expired UCC certificate for autodiscover and owa e.t.c. to one that will function with a self-signed certificate, and how will it affect existing users laptops using Outlook Anywhere, iPhones e.t.c.?

Many thanks

Question by:amlydiate
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
LVL 35

Expert Comment

by:Cris Hanna
ID: 34873113
If you make the switch back, every remote device you have...laptops, phones, etc, will be affected and have to be completely re-setup manually.

If you've had this working...simply renew the cert...you'll be much happier and take lots less time
LVL 22

Expert Comment

by:Larry Struckmeyer MVP
ID: 34873841
Optionally you could purchase single SSL certs... less than $15/yr for some.  But as Chris points  out you will have to visit every device that depends on the cert.

Author Comment

ID: 34876620
Ok but what would I have to do on each device if I changed?
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 35

Expert Comment

by:Cris Hanna
ID: 34876847
you would have to manually install the self signed cert on all laptops and Windows Mobile Devices
You would have re-run the Exchange Setup on Iphones and ignore the cert warning

Author Comment

ID: 34877328
Brilliant thank you, so as a last question, what do I actually have to do to remove the old certificate and create a new one? I definitely won't end up with autodiscover prompts in outlook as a result of this?


LVL 35

Accepted Solution

Cris Hanna earned 2000 total points
ID: 34879109
ahhh now that's a whole different issue and it is possible you could depending on your configuration.
Some other SBS MVPs have addressed Autodiscover in their blogs
no real need to remove the old cert since it's expired
Just re-run the Setup My Internet Address wizard, select I already have a domain name and select "I want to manage it myself".   When you get to the box to put in your domain name just enter company.com (whatever is appropriate)    By default the certificate will be created for remote.domainname.com    If you wish the certificate for something other than that, click on the Advanced link underneath where you enter your domain name and replace "remote" with mail or whatever.

Complete the wizard
The follow this blog for deploying the new cert to remote devices

Author Closing Comment

ID: 35209842
Thanks that worked a treat!

Featured Post


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This guide is intended for migrating Windows 2003 Standard with Exchange 2003 to Windows Small Business Server 2008. You will need the following: Exchange Best Practice Analyzer: http://www.microsoft.com/downloads/details.aspx?FamilyID=DBAB201F-…
The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question