Exchange 2010 Autodiscover SSL Certificate

We have an Exchange 2010 server.  I believe the Autodiscover is setup correctly because it works fine from within our domain.  However, anyone who opens Outlook on a non-domain computer gets the attached certificate error (although, connectivity works fine after accepting).  Also, setting up an account on a smartphone does not auto-configure.

I believe I need to add an SSL certificate for our Autodiscover domain (autodiscover.domain-name.com).  After I purchase the SSL certificate, what other steps do I need to do to get things working?  Just install the certificate on the Exchange server?  

I already have an SSL certificate for mail.domain-name.com installed.  Can I install a second SSL certificate for autodiscover?

Thanks.
bruno71
bruno71Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Nick RhodeIT DirectorCommented:
You would want to purchase a UC Certificate for multiple domains.  With that you will have all your domains specifiec/included like:

Mail.domain.com
autodiscover.domain.com
domain.com

etc.
0
bruno71Author Commented:
cert error
0
Nick RhodeIT DirectorCommented:
Most likely due to autodiscover.domain.com is missing from the ssl certificate currently installed.
0
Simon Butler (Sembee)ConsultantCommented:
You cannot really add another certificate to the server for Autodiscover.
You have two main options.
1. Replace the certificate with a UC type, that includes Autodiscover as one of its additional names.
2. Configure SRV records in your DNS for Autodiscover. You need to ensure that autodiscover.example.com does NOT resolve if you do that. http://semb.ee/srv

Simon.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Steve BottomsCommented:
Rather than buying a multi-domain cert, you might look into whether using a SAN (Subject Alternative Names) from your CA will work to list different subdomains within your domain.  For example, on the cert we have here (ourmail.ourdomain.com) we have listed five total SANs: ourmail.ourdomain.com, cas01.abc.local, cas02.abc.local, autodiscover.ourdomain.com, and loadbalancer.abc.local.  Our cert is thru GoDaddy and it's just a standard UCC.

Steve
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.