Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Exchange SSL Cert for Outlook Security Alert

Posted on 2011-02-14
6
Medium Priority
?
551 Views
Last Modified: 2012-05-11
I currently have 1 Exchange 2007 server and 50 Outlook 2003 clients.  I will be upgrading the Outlook clients to 2010.  I would like to purchase an SSL cert for the server.  Here is my question:

The exchange server hosts 3 different Accepted Domains... XYZ.COM, ABC.COM, and EFG.LOCAL......

What do I need to do to get rid of the Outlook security Alert within the network when Outlook is launched, along with securing the 2 external domains when accessing OWA?

Do I need to purchase multiple certs? and if so, can more than one cert be installed on the same exchange server and all be active?
0
Comment
Question by:BSModlin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
6 Comments
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 34888810
You can actually export the mail certificate and distribute it through group policy. Once it is trusted, you shouldn't get that error.

Can't answer the other two questions though.
0
 

Author Comment

by:BSModlin
ID: 34888908
Can you provide a walk thru to do this via GPO?
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 34889574

For the cost of a commercial 3rd party SSL certificate (under $100), I would consider pursuing that option rather than distributing a self-signed certificate internally. Using self-signed certificates has implications when users log on remotely from other computers -- for one thing, you have to teach them to bypass a warning message in their browser which is there for a very good reason, and this puts users into bad habits.

GoDaddy sell trusted certificates by all major browsers for reasonable prices. You will need to buy one multi-name certificate (a Subject Alternate Name or Unified Communications certificate).

The names you must include depend entirely on how users for each network access your Exchange Server. My initial suggestions would be:

mail.xyz.com
autodiscover.xyz.com
mail.abc.com
autodiscover.abc.com
servername
servername.EFG.local

You definitely need the two autodiscover entries for your public .com domains, because users will look for those records when Outlook performs autodiscovery on their email address from non-domain computers.

If your users can log in to OWA either via mail.xyz.com or mail.abc.com, then you definitely need to include those names.

servername is the NetBIOS name of your Exchange Server and servername.EFG.local its internal FQDN. Not strictly required, but MUCH easier to include unless you are confident with DNS, configuring split DNS and adjusting your Exchange virtual directories so as not to reference the internal URL.

-Matt
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 22

Expert Comment

by:Joseph Moody
ID: 34889590
If you have the money, go with Matt's suggestion. You will be thankful in the long run (especially if you ever introduce mobile devices).

If that is not an option, I can give you instructions.
0
 

Author Comment

by:BSModlin
ID: 34889614
But I thought with Multi-names Certs you could only have multiple SUBDOMAIN names within the same domain..... Is that not the case?
0
 
LVL 58

Accepted Solution

by:
tigermatt earned 2000 total points
ID: 34890824

>> But I thought with Multi-names Certs you could only have multiple SUBDOMAIN names within the same domain

That's a wildcard certificate. For example, if you had a wildcard certificate for *.abc.com, it would be valid for any subdomain you create in abc.com.

A Unified Communications / Subject Alternate Name is valid for any combination of domain names you wish to add to it. You just have to have control over those domain names to verify its use (they will use Whois data to contact the domain owner).

-Matt
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
how to add IIS SMTP to handle application/Scanner relays into office 365.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Suggested Courses

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question