SSL for Exchange 2010

ausman89
We just got a 2008 R2 server that runs Exchange 2010.
Right now we just have a self-signed SSL which is issued to "mail" (not "mail.example.com", just "mail") and it causes security warnings for OWA and ActiveSync.
I want an SSL that won't give any of these errors and will work with and allow me to set up Outlook Anywhere.

First off, will just the standard GoDaddy SSL for $12.99 suffice? I ask because some people talk about getting a SAN or UCC SSL (or whatever it's called) to cover all the following:
mail.example.com
autodiscover.example.com
internalservername.internaldomain.local
internalservername
However, I don't see why the SSL needs to cover the ".local" address, just the internal name, and the "autodiscovery" on our server is a subfolder (mail.example.com/autodiscover), not a subdomain (I think anyways).

Can someone explain, and tell me if a simple GoDaddy certificate issued for "mail.example.com" will suffice?

In Exchange 2010 we require SSL for various communications, like accessing OWA or Autodiscover, to ensure secure communication to and from the Exchange server.
Regarding the details of the certificates, its usage and the types, please go through

http://exchangeserverpro.com/exchange-2010-ssl-certificates
and
http://technet.microsoft.com/en-us/library/dd351044.aspx


Technically, you can get away with using a single $12.99 certificate from GoDaddy, but to do that will require quite a bit of configuration work to ensure that you don't get any certificate errors for OWA, Outlook, Outlook Anywhere, ActiveSync etc.

1. You will need to create an external DNS record for autodiscover to point to the correct DNS record for your single cert
2. You will need to configure your internal DNS servers to use the external URL that is on your certificates - do this wrong and you can break a lot of internal DNS functionality for your external domain.

Numero_Uno has pointed you in the right direction for this one - buy the certs that Microsoft recommends as it will be a lot less painful in the long run.
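
The name coverage behind the advice above, as an added example that is not part of the original thread: it checks which of the hostnames listed in the question each certificate option covers, using the usual TLS hostname-matching rules (case-insensitive, wildcard only as the whole left-most label). The function names and the sample certificate dictionary are constructed for illustration.

```python
"""Added example: which client-facing hostnames does a certificate cover?"""

def dns_names(peercert: dict) -> list:
    """DNS entries from the dict returned by ssl.SSLSocket.getpeercert()."""
    return [v for kind, v in peercert.get("subjectAltName", ()) if kind == "DNS"]

def name_matches(pattern: str, host: str) -> bool:
    """Compare one certificate name with one hostname, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # "mail" never matches "mail.example.com"
    if p[0] == "*":
        # A wildcard stands for exactly one label and needs a real domain after it.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def uncovered(cert_names, client_hosts):
    """Hosts that would raise a name-mismatch warning, in input order."""
    return [h for h in client_hosts
            if not any(name_matches(n, h) for n in cert_names)]

# Hostnames taken from the question in this thread.
THREAD_HOSTS = [
    "mail.example.com",
    "autodiscover.example.com",
    "internalservername.internaldomain.local",
    "internalservername",
]

# Constructed certificate name lists for the three options discussed.
CERT_OPTIONS = {
    "self-signed, issued to 'mail'": ["mail"],
    "single-name certificate": ["mail.example.com"],
    "UCC/SAN certificate": list(THREAD_HOSTS),
}

# Constructed sample in the shape getpeercert() returns (assumption: two SANs).
SAMPLE_PEERCERT = {"subjectAltName": (("DNS", "mail.example.com"),
                                      ("DNS", "autodiscover.example.com"))}

if __name__ == "__main__":
    for label, names in CERT_OPTIONS.items():
        print(f"{label}: uncovered -> {uncovered(names, THREAD_HOSTS)}")
    # Single-name option once every client URL uses the one covered name:
    print(uncovered(["mail.example.com"], ["mail.example.com"]))
```

With the single-name certificate, the result is empty only when every URL a client is handed uses `mail.example.com`, which is what the two DNS steps above are meant to achieve.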

Author

Commented:
I have an addition to my question:

I decided against the single $12.99 GoDaddy certificate, but after some more research, their UCC certificate is supposed to work great for Exchange, so I am finishing up getting that going. However, in the process I found that autodiscover is a bit different than I expected.

Autodiscover is set up as "mail.example.com/autodiscover" instead of what Outlook normally looks for ("autodiscover.example.com" or "example.com/autodiscover").

Can someone give me direction on how to change the setup/settings for autodiscover?
