Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 804
  • Last Modified:

How to go from UCC SSL Certificate for Autodiscover, OWA e.t.c. to simple self signed certificate on Server 2008 SBS

Hi all,

For reasons best not explained I have a few 2008 SBS Servers which were set up in an overly complicated way with regard to SSL.  I was originally told that to get SBS running properly I had to create external sub domains for autodiscover.domain.com and owa.autodiscover.com e.t.c then get a multi domain (UCC) SSL certificate to cover all the various names and I've done all of this and everything has worked fine.  I've since found out that I no longer need to go down this route and Server 2008 has been tweaked to make things a bit easier.  I've been told that really I could make do with a simple self-signed certificate generated by the server and with just that autodiscover, OWA, Outlook Anywhere e.t.c. will still work just fine.

My question is, how can I "convert" a server that has an expired UCC certificate for autodiscover and owa e.t.c. to one that will function with a self-signed certificate, and how will it affect existing users laptops using Outlook Anywhere, iPhones e.t.c.?

Many thanks

Adam
0
amlydiate
Asked:
amlydiate
  • 3
  • 3
1 Solution
 
Cris HannaCommented:
If you make the switch back, every remote device you have...laptops, phones, etc, will be affected and have to be completely re-setup manually.

If you've had this working...simply renew the cert...you'll be much happier and take lots less time
0
 
Larry Struckmeyer MVPCommented:
Optionally you could purchase single SSL certs... less than $15/yr for some.  But as Chris points  out you will have to visit every device that depends on the cert.
0
 
amlydiateAuthor Commented:
Ok but what would I have to do on each device if I changed?
0
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
Cris HannaCommented:
you would have to manually install the self signed cert on all laptops and Windows Mobile Devices
You would have re-run the Exchange Setup on Iphones and ignore the cert warning
0
 
amlydiateAuthor Commented:
Brilliant thank you, so as a last question, what do I actually have to do to remove the old certificate and create a new one? I definitely won't end up with autodiscover prompts in outlook as a result of this?

Thanks

Adam
0
 
Cris HannaCommented:
ahhh now that's a whole different issue and it is possible you could depending on your configuration.
Some other SBS MVPs have addressed Autodiscover in their blogs
http://www.thirdtier.net/2009/02/setting-up-an-external-autodiscover-record-for-sbs-2008/
http://msmvps.com/blogs/bradley/archive/2008/12/18/autodiscover-and-dns.aspx
no real need to remove the old cert since it's expired
Just re-run the Setup My Internet Address wizard, select I already have a domain name and select "I want to manage it myself".   When you get to the box to put in your domain name just enter company.com (whatever is appropriate)    By default the certificate will be created for remote.domainname.com    If you wish the certificate for something other than that, click on the Advanced link underneath where you enter your domain name and replace "remote" with mail or whatever.

Complete the wizard
The follow this blog for deploying the new cert to remote devices
http://blogs.technet.com/b/sbs/archive/2008/09/30/how-do-i-distribute-the-sbs-2008-self-signed-ssl-certificate-to-my-users.aspx
0
 
amlydiateAuthor Commented:
Thanks that worked a treat!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now