asked on

Self signed certificate with Exchange

Hi,

Just installed Exchange 2010 from SBS 2011. The installation went without any problem. But the issue right now is each time a user log into MS Outlook, a pop up screen would show up, acknowledging the 'certificate' isn't trusted.

So you installed the certificate into its default location, close off MS Outlook, again the pop up screen appears about the certificate.

It appears this certificate is self signed when exchange was initially installed. But, if it's a domain certificate WHY it keeps popping up every time MS Outlook is open.

Is there a way to turn this thing off (e.g., using the GP Management console to installed it to computer) ? Would that work?????????

Heaps of thanks.

Alan Hardisty

The self-signed certificate can be made to work with Exchange, but the hassle and number of settings you need to tweak to make it work without any complaints all round just isn't worth it IMHO.

I would recommend you purchase a Go-Daddy SSL for about $180 (for 3 years) which needs to be a SAN / UCC SSL cert - max 5 names and you should include the following names in the cert:

remote.yourexternaldomain.com (or whatever you have chosen)
autodiscover.yourexternaldomain.com
internalservername.internaldomainname.local
internalservername
sites

Once this is installed - all error messages should disappear.

mcse2007

ASKER

Thanks Alanhardisty........I gather 5 certificates that needed to be purchased as per the above?

Alan Hardisty

Only one certificate - multiple names included in the certificate (Subject Alternative Name / Unified Communications Certificate).

mcse2007

ASKER

Are these the links that you most referring to:

SAN
http://www.godaddy.com/domains/searchresults2.aspx?ci=16811

UCC
http://www.godaddy.com/domains/searchresults2.aspx?ci=42376

It is during the puchasing/registration of the certicate where you can nominate your 5 max names?

Alan Hardisty

Try this:

http://www.godaddy.com/ssl/ssl-certificates.aspx?ci=9039

Standard SSL - Multiple Domains UCC - Up To 5 Domains - Select the number of years you want (I usually go for 3 minimum).

These are $89.99 / year but my reseller site is $59.99 / year :) Look at my profile for details if you are interested.

mcse2007

ASKER

Sorry few more questions:

When you buy the Standard SSL - Multiple Domains UCC, installing it just like installing a typical SSL certificate, no different?

Also, what will happened to the Self Signed Certificate that is pre-installed?

Why would those annoying pop up screen from MS Outlook would go away, can't it self signed certificate address the issue?

ASKER CERTIFIED SOLUTION

Alan Hardisty

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

mcse2007

ASKER

B R I L L I A N T !!!!

Thank you so much sir.

Alan Hardisty

:) - Glad it is working and the errors have gone away.

Alan

mcse2007

ASKER

Hi Alanhardisty

A friend of mine asked me, would it be possible to purchase your registered SAN like:

*.domain.com

Rather than the following:

mail.domain.com
citrix.domain.com
www.domain.com
shop.domain.com
register.domain.com

Heaps of thanks

Alan Hardisty

Wildcard certs are more expensive but you can buy one if you want, but you need the names I mentioned in my first post which a Wildcard cert won't cover.