Exchange SSL Cert for Outlook Security Alert

I currently have 1 Exchange 2007 server and 50 Outlook 2003 clients.  I will be upgrading the Outlook clients to 2010.  I would like to purchase an SSL cert for the server.  Here is my question:

The exchange server hosts 3 different Accepted Domains... XYZ.COM, ABC.COM, and EFG.LOCAL......

What do I need to do to get rid of the Outlook security Alert within the network when Outlook is launched, along with securing the 2 external domains when accessing OWA?

Do I need to purchase multiple certs? and if so, can more than one cert be installed on the same exchange server and all be active?
BSModlinAsked:
Who is Participating?
 
tigermattConnect With a Mentor Commented:

>> But I thought with Multi-names Certs you could only have multiple SUBDOMAIN names within the same domain

That's a wildcard certificate. For example, if you had a wildcard certificate for *.abc.com, it would be valid for any subdomain you create in abc.com.

A Unified Communications / Subject Alternate Name is valid for any combination of domain names you wish to add to it. You just have to have control over those domain names to verify its use (they will use Whois data to contact the domain owner).

-Matt
0
 
Joseph MoodyBlogger and wearer of all hats.Commented:
You can actually export the mail certificate and distribute it through group policy. Once it is trusted, you shouldn't get that error.

Can't answer the other two questions though.
0
 
BSModlinAuthor Commented:
Can you provide a walk thru to do this via GPO?
0
What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

 
tigermattCommented:

For the cost of a commercial 3rd party SSL certificate (under $100), I would consider pursuing that option rather than distributing a self-signed certificate internally. Using self-signed certificates has implications when users log on remotely from other computers -- for one thing, you have to teach them to bypass a warning message in their browser which is there for a very good reason, and this puts users into bad habits.

GoDaddy sell trusted certificates by all major browsers for reasonable prices. You will need to buy one multi-name certificate (a Subject Alternate Name or Unified Communications certificate).

The names you must include depend entirely on how users for each network access your Exchange Server. My initial suggestions would be:

mail.xyz.com
autodiscover.xyz.com
mail.abc.com
autodiscover.abc.com
servername
servername.EFG.local

You definitely need the two autodiscover entries for your public .com domains, because users will look for those records when Outlook performs autodiscovery on their email address from non-domain computers.

If your users can log in to OWA either via mail.xyz.com or mail.abc.com, then you definitely need to include those names.

servername is the NetBIOS name of your Exchange Server and servername.EFG.local its internal FQDN. Not strictly required, but MUCH easier to include unless you are confident with DNS, configuring split DNS and adjusting your Exchange virtual directories so as not to reference the internal URL.

-Matt
0
 
Joseph MoodyBlogger and wearer of all hats.Commented:
If you have the money, go with Matt's suggestion. You will be thankful in the long run (especially if you ever introduce mobile devices).

If that is not an option, I can give you instructions.
0
 
BSModlinAuthor Commented:
But I thought with Multi-names Certs you could only have multiple SUBDOMAIN names within the same domain..... Is that not the case?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.