Exchange SSL Cert for Outlook Security Alert
I currently have 1 Exchange 2007 server and 50 Outlook 2003 clients. I will be upgrading the Outlook clients to 2010. I would like to purchase an SSL cert for the server. Here is my question:
The exchange server hosts 3 different Accepted Domains... XYZ.COM, ABC.COM, and EFG.LOCAL......
What do I need to do to get rid of the Outlook security Alert within the network when Outlook is launched, along with securing the 2 external domains when accessing OWA?
Do I need to purchase multiple certs? and if so, can more than one cert be installed on the same exchange server and all be active?
The exchange server hosts 3 different Accepted Domains... XYZ.COM, ABC.COM, and EFG.LOCAL......
What do I need to do to get rid of the Outlook security Alert within the network when Outlook is launched, along with securing the 2 external domains when accessing OWA?
Do I need to purchase multiple certs? and if so, can more than one cert be installed on the same exchange server and all be active?
ASKER
Can you provide a walk thru to do this via GPO?
For the cost of a commercial 3rd party SSL certificate (under $100), I would consider pursuing that option rather than distributing a self-signed certificate internally. Using self-signed certificates has implications when users log on remotely from other computers -- for one thing, you have to teach them to bypass a warning message in their browser which is there for a very good reason, and this puts users into bad habits.
GoDaddy sell trusted certificates by all major browsers for reasonable prices. You will need to buy one multi-name certificate (a Subject Alternate Name or Unified Communications certificate).
The names you must include depend entirely on how users for each network access your Exchange Server. My initial suggestions would be:
mail.xyz.com
autodiscover.xyz.com
mail.abc.com
autodiscover.abc.com
servername
servername.EFG.local
You definitely need the two autodiscover entries for your public .com domains, because users will look for those records when Outlook performs autodiscovery on their email address from non-domain computers.
If your users can log in to OWA either via mail.xyz.com or mail.abc.com, then you definitely need to include those names.
servername is the NetBIOS name of your Exchange Server and servername.EFG.local its internal FQDN. Not strictly required, but MUCH easier to include unless you are confident with DNS, configuring split DNS and adjusting your Exchange virtual directories so as not to reference the internal URL.
-Matt
If you have the money, go with Matt's suggestion. You will be thankful in the long run (especially if you ever introduce mobile devices).
If that is not an option, I can give you instructions.
If that is not an option, I can give you instructions.
ASKER
But I thought with Multi-names Certs you could only have multiple SUBDOMAIN names within the same domain..... Is that not the case?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Can't answer the other two questions though.