• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 608
  • Last Modified:

Exchange 2010, Digital Certificates and Outlook Anywhere

Exchange 2010, Digital Certificates and Outlook Anywhere
 
I have just installed a new SBS 2011 server and the client is asking whether their external members of staff can access their emails via Outlook on their home computers
 
From my understanding in order for this to work I need to go and purchase a digital certificate from a vendor such as GoDaddy, install the digital certificate on the Exchange and clients then configure Outlook's Exchange Proxy Settings...
     
My question is; do I NEED to purchase a digital certificate or can I create one myself somehow? If it is possible, can someone provide me with basic (step by step) instructions of how to do this?
 
Or is there another way people can use Outlook from their home computers. Without using OWA
0
the_omnific
Asked:
the_omnific
2 Solutions
 
Rajith EnchiparambilOffice 365 & Exchange ArchitectCommented:
You can use an internal Windows CA certificate if you have one. Make sure that the root certs are installed on the client computers as well. This will make OWA work.

Using 3rd party cert is the recommended option for Outlook Anywhere. You can try and make it work by importing the root cert if you are using an internal cert.

http://shahrier.blogspot.com/2008/03/how-to-generate-certificate-from.html gives info on how to create an internal CA and request certificate.
0
 
Cliff GaliherCommented:
This is SBS. stick to the wizards. if you ran the Internet address wizard then it already configured exchange with a certificate. It also created an exe package with an installer that clients can run to install the root cert. Just give that to them on a USB key.

With that said, certs are CHEAP. for about the cost pf angourmet coffee once a month, you can have a 3rd party cert and not need to make users install that client piece. It saves enough support cakes that it usually pays for itself. Again, simply stick to the SBS "trusted certificate" wizard and it'll help you request and en install the 3rd party cert for exchange and OWA. Highly recommended.

-Cliff
0
 
the_omnificAuthor Commented:
Where do you recommend that I purchase the certificate from and given my requirements (ie just wanting to access Outlook from Anywhere) what do I need?
 
Single domain or multiple domain? Do I need anything else?
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
Cliff GaliherCommented:
Godaddy is fine. Single name cert. Use the SBS certificate wizard and it will generate the appropriate CSR that you then submit to Godaddy. A second run through the wizard will hand hold through importing the completed cert that godaddy sends you.

-Cliff
0
 
the_omnificAuthor Commented:
hmm a friend told me that I need to purchase multi-cert due to the various records I require such as autodiscovery.domain.com; mail.domain.com etc
 
Is that not correct?
0
 
irweazelwallisCommented:
if you want to be able to run all these additional services you would be best to get a SAN certificate
include that way the certificate is valid internally and externally

audodiscover.yourdomain.com
localhost.internaldomain.com
owaaddres.domain.com
mxrecordname.domain.com

i think SBS 2011 runs exchange 2010 so If you run through the wizard for generating the certificate it will tell you what you need.

If buidget it really tight you can fudge it on to one url and get away with one certificate - i have done this on my test lab and it works fine. just pointing all the other urls at the same one i.e.the autodiscover and others to https://mailserver.mydomain.org/autodiscover

http://technet.microsoft.com/en-us/library/bb310764.aspx

this link shows you how to run through it
0
 
Cliff GaliherCommented:
SBS is designed for a single cert and it works as expected. You do NOT need a SAN cert even for additional services. Remember that exchange is designed to scale do in rage topologies this can become a requirement. But SBS is not large and the wizard automates the consolidated URL process. Stick to the wizards.

-Cliff
0
 
the_omnificAuthor Commented:
Cliff
 
I am using the wizard as you suggested but I get the following problem (please see attached images).
 
Any ideas why it's not working properly? I have spent nearly 3 hours on this today and it's driving me insane.
 
Thank you
choose.jpg
Does-not-match.jpg
0
 
Cliff GaliherCommented:
Looks like you got your follow-up question answered already in another thread.
0
 
the_omnificAuthor Commented:
Yep. All sorted!
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now