Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Creating an SSL certificate for Exchange 2010

Posted on 2011-11-01
Medium Priority
Last Modified: 2012-05-12
I am going to purchase an SSL certificate for a new Exchange 2010 server that I'm setting up, but it's been a while since I did this last.  I would like to use OWA and Outlook anywhere, so I need some advice as to what domain names and SAN's to put in the certificate.

Let's say that my mailserver is called: mail-pc

The FQDN is mail-pc.mydomain.internal

Our MX record resolves to mail.anotherdomain.co.uk

What names do I include (such as autodiscover) to ensure I get the cert right first time?
Question by:icuadmin

Accepted Solution

sirakov earned 800 total points
ID: 37062990
Lets say your external domain is called mydomain.co.uk and there is A records mail.mydomain.co.uk and autodiscover.mydomain.co.uk pointing to your CAS server
You will only need a SAN including mail.mydomain.co.uk and autodiscover.mydomain.co.uk.
This is optimal but you will need for your internal users to implement a Split DNS wich is great because users will have the same experience inside and outside the domain.
-they wont have to enter internally https://mail-pc.mydomain.internal/owa but https://mail.mydomain.co.uk /owa everywhere
Split DNS = To create an internal DNS zone with the same name as your external (mydomain.co.uk ) and pointing A record "mail" to your local IP address of exchange
You will also have to change the internal URLs of Exchange virtual directories following this KB:
You other option is to include internal names in the SAN but this is not recomended at all
using the default self signed certificates of Exchange but only for SMTP and assign you purchassed certificate for IIS


Assisted Solution

AhmedHERMI earned 200 total points
ID: 37063269

Author Closing Comment

ID: 37063292

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Eseutil Hard Recovery is part of exchange tool and ensures Exchange mailbox data recovery when mailbox gets corrupt due to some problem on Exchange server.
Upgrading from older Exchange server to the latest Exchange server can be tiresome, error-prone and risky, without being a seasoned exchange server administrators. It can become even problematic if you're an organization that runs on tight timeline…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses
Course of the Month10 days, 15 hours left to enroll

572 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question