• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 793
  • Last Modified:

Exchange 2010 Autodiscover SSL Certificate

We have an Exchange 2010 server.  I believe the Autodiscover is setup correctly because it works fine from within our domain.  However, anyone who opens Outlook on a non-domain computer gets the attached certificate error (although, connectivity works fine after accepting).  Also, setting up an account on a smartphone does not auto-configure.

I believe I need to add an SSL certificate for our Autodiscover domain (autodiscover.domain-name.com).  After I purchase the SSL certificate, what other steps do I need to do to get things working?  Just install the certificate on the Exchange server?  

I already have an SSL certificate for mail.domain-name.com installed.  Can I install a second SSL certificate for autodiscover?

2 Solutions
Nick RhodeIT DirectorCommented:
You would want to purchase a UC Certificate for multiple domains.  With that you will have all your domains specifiec/included like:


bruno71Author Commented:
cert error
Nick RhodeIT DirectorCommented:
Most likely due to autodiscover.domain.com is missing from the ssl certificate currently installed.
Simon Butler (Sembee)ConsultantCommented:
You cannot really add another certificate to the server for Autodiscover.
You have two main options.
1. Replace the certificate with a UC type, that includes Autodiscover as one of its additional names.
2. Configure SRV records in your DNS for Autodiscover. You need to ensure that autodiscover.example.com does NOT resolve if you do that. http://semb.ee/srv

Steve BottomsCommented:
Rather than buying a multi-domain cert, you might look into whether using a SAN (Subject Alternative Names) from your CA will work to list different subdomains within your domain.  For example, on the cert we have here (ourmail.ourdomain.com) we have listed five total SANs: ourmail.ourdomain.com, cas01.abc.local, cas02.abc.local, autodiscover.ourdomain.com, and loadbalancer.abc.local.  Our cert is thru GoDaddy and it's just a standard UCC.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now