Web Server, Outlook Web Access, and SSL


This is my first time doing this so I want to make sure I do things right. Even though this is a site created for testing, it needs to be set up correctly and I want it to be set up like the industry standard.

I registered a domain and it has a static IP address. I set up three servers running Windows Server 2012. One is AD. The second one hosts IIS and a default web page. The third server is running Exchange 2013.

My firewall is set up to forward port 80 to the web server, and port 25 is forwarded to the Exchange 2013 server. Also, port 443 is forwarded to the Exchange Server.

I set up Exchange 2013 and it is working. I can send messages to the outside world. I can also receive messages from the Internet.

For now, I have to enter http://www.hiddencompanyname.com when I want to get to my default web page. I have to enter https://hiddencompany.com/owa when I want to get to Outlook Web Access.

When I go to OWA, I am warned about my certificate.

My eventual goal for this test domain is that I want to be able to eventually connect to my Exchange 2013 server with Outlook 2013 using RPC over HTTPS, and I want this domain to be configured like and behave like what people usually do when they set up an IIS server for their web page and a separate server for their Exchange Server.

What is the next thing I need to do so that I can finalize this domain so that I can reach my goal of setting up Outlook with RPC over HTTPS? Is the next step an SSL certificate? Please advise.

Satish Auti, Senior System Administrator, Commented:
Yes, if you don't have any certificate then create it, or go for a third party.
Sanjay Santoki Commented:

First of all, you have to configure a dummy autodiscover virtual directory on your web server which redirects to your Exchange server when someone tries with HTTP to HTTPS://owaURL. This will take care of autodiscovery.

As far as the certificate warning is concerned, make sure that all the FQDNs used by Exchange services are added as subject alternative names. Also, you have to add the local CA root certificate to the trusted root certificate store on the client computer in case you are using a self-signed certificate.

Sanjay Santoki
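
The subject alternative name check described in the answer above, as an added example that is not part of the original thread. It assumes it is run in the Exchange Management Shell on the Exchange 2013 server; the helper name `Test-NameCovered` is made up for this example.

```powershell
# Added example: list every host name Exchange hands to clients and show
# whether the certificate assigned to IIS carries it as a SAN.
$names = @{}   # hashtable keys are case-insensitive, so duplicates collapse

# Internal and external URLs of the client-facing virtual directories
$vdirs  = @(Get-OwaVirtualDirectory)
$vdirs += @(Get-EcpVirtualDirectory)
$vdirs += @(Get-WebServicesVirtualDirectory)
$vdirs += @(Get-ActiveSyncVirtualDirectory)
$vdirs += @(Get-OabVirtualDirectory)
foreach ($v in $vdirs) {
    foreach ($url in @($v.InternalUrl, $v.ExternalUrl)) {
        if ("$url") { $names[([uri]"$url").Host] = $true }
    }
}
# Outlook Anywhere (RPC over HTTPS) host names
foreach ($oa in Get-OutlookAnywhere) {
    foreach ($h in @($oa.InternalHostname, $oa.ExternalHostname)) {
        if ("$h") { $names["$h"] = $true }
    }
}
# Autodiscover URI published to domain-joined clients
foreach ($cas in Get-ClientAccessServer) {
    $uri = "$($cas.AutoDiscoverServiceInternalUri)"
    if ($uri) { $names[([uri]$uri).Host] = $true }
}

# True when $Name equals a certificate name or matches a one-label wildcard
function Test-NameCovered([string]$Name, [string[]]$CertNames) {
    foreach ($c in $CertNames) {
        if ($c -eq $Name) { return $true }
        if ($c.StartsWith('*.') -and $Name.Contains('.') -and
            $Name.Substring($Name.IndexOf('.')) -eq $c.Substring(1)) { return $true }
    }
    return $false
}

# Newest certificate that has the IIS service assigned
$cert = Get-ExchangeCertificate | Where-Object { "$($_.Services)" -match 'IIS' } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw 'No Exchange certificate has the IIS service assigned.' }
$certNames = @($cert.CertificateDomains | ForEach-Object { "$_" })

"Certificate $($cert.Thumbprint) self-signed: $($cert.IsSelfSigned)"
foreach ($n in ($names.Keys | Sort-Object)) {
    New-Object psobject -Property @{ HostName = $n; OnCertificate = (Test-NameCovered $n $certNames) }
}
```

Any row with `OnCertificate` set to False is a name that will produce a warning for clients connecting to it.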
jhieb (Author) Commented:
I am getting a bit confused by all the choices within the technical links. Even ExchangeGURU's links have different examples for the same thing. It is too bad there is not a step by step list of instructions on how to do everything I need to do.

Right now, I am struggling with getting the URLs situated. I am not that great with DNS so that doesn't help. I am set up like this:

My firewall is set up to forward port 80 to the web server, and port 25 is forwarded to the Exchange 2013 server. Also, port 443 is forwarded to the Exchange Server.

At my ISP, I have three A records and they all point to the same IP address:


My Exchange server name is: ECTSRV01

Are there any other A records that I need to set up for Outlook Anywhere and/or for OWA?

Once the DNS settings are correct, is the next step to set up a certificate or the Configure URLS section of the technical notes? I think it is the configure URLS section. So, what should my URLs be for: ??

Servers/Outlook Anywhere

1. Specify the external host name such as contoso.com that users will use to connect to your organization? =

2. Specify the internal host name such as contoso.com that users will use to connect to your organization: =

3. Specify the authentication method for external clients to use when connecting to your organization: =

Servers/Virtual Directories
Should I change anything here?

Simon Butler (Sembee), Consultant, Commented:
Is your external DNS able to support SRV records?
If so, then configure an Autodiscover SRV record thus:

Then get a free single name SSL certificate from StartSSL.com

Do ensure that Autodiscover.example.com doesn't resolve anywhere.

jhieb (Author) Commented:
Thanks for the help.
Question has a verified solution.
