How to properly replace a self signed cert with a trusted cert for outlook anywhere

Posted on 2014-03-29
Medium Priority
Last Modified: 2014-04-01
Hello all:

I am in the process of trying to migrate my Exchange mail to Office 365 and am having issues with the cert. Apparently, I have to have a cert from a trusted CA. I have Outlook Anywhere set up and in fact have several remote clients (and smartphones) using it without any problem. I have SBS 2008 running and now I need to find a solution.

Here are my questions:

1) Where can I go to get a cheap trusted cert?  I think I can go to GoDaddy, but I'm not sure.

2) Once I have the cert, how do I properly install it without having everything blow up?  I'm assuming I would have to remove the self signed cert, but I'm not sure.  If so, how do I do that?

3) What other things do I need to be aware of?  This is all really new to me as I set up the machine per the recommended steps using the self signed cert, and because it worked, didn't really question it.

Any help from the gurus is greatly appreciated.  I would like to get the cutover migration started early this week so we can have full access of Office 365 and shut down our on-premise exchange server.

Many thanks!

Question by:Juan Ocasio
LVL 31

Expert Comment

by:Gareth Gudger
ID: 39964541
1). I would recommend GoDaddy.com. Plus if you Google GoDaddy Promo Code they have a 33% off coupon code for new purchases right now.

2). You technically don't remove the old cert. You add the new cert and then assign services to the new cert. Here is the process: http://exchangeserverpro.com/configure-an-ssl-certificate-for-exchange-server-2010/

3). Nothing really. The cert is from a trusted third party so all phones will automatically authenticate.
LVL 14

Author Comment

by:Juan Ocasio
ID: 39965476
Thanks for the response. As I'm not really clear about how the SSL functions, can you please explain it to me? I went on GoDaddy's website and see I can purchase an SSL for 69.00/yr. When I install it on the Exchange server (I have 2007), how does it work? How does a web browser use that one vs. the self signed cert that is already in place? I want to make sure I don't break anything as I have several people using RPC over HTTP.

Also, when I get the certificate, how do I set it so that it has remote.mycompany.com and autodiscover.mycompany.com?

I really need to be stepped through the process from requesting the cert to installing to using it.


LVL 31

Accepted Solution

Gareth Gudger earned 2000 total points
ID: 39965656
You need to actually buy a UCC/SAN cert. I am guessing for 69.00/year this is a standard SSL certificate. That only does one name. Call GoDaddy and see if they will let you pay the difference to get a UCC/SAN certificate.

My apologies, for some reason I thought you had Exchange 2010. In 2007 this process was all PowerShell based. Here is an article from GoDaddy on how to do that in 2007.

With regard to self signed versus third party. A self signed only works if you manually install a certificate on all your computers/devices (or push down with a GPO).

A third party certificate is recognized out of the box as all clients regularly get Root Certificate Updates from Windows Update. Third party certs from GoDaddy are much more effortless than dealing with self signed certificates.
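
The request, import and service-assignment steps described in the answers above, sketched for the Exchange 2007 Management Shell as an added example that is not part of the original post or of the linked articles. The file paths and the `c=`/`o=` subject fields are assumed placeholders; the two hostnames are the ones named in the thread.

```powershell
# Added example for the Exchange 2007 Management Shell (run on the Exchange server).
# Hostnames come from the thread; paths and the o=/c= fields are placeholders.
$names   = 'remote.mycompany.com', 'autodiscover.mycompany.com'
$reqFile = 'C:\certs\ucc.req'    # assumed path: CSR to submit to the CA
$cerFile = 'C:\certs\ucc.cer'    # assumed path: certificate returned by the CA

# Step 1: generate the CSR. Every name clients connect to must be listed in
# -DomainName so it ends up as a SAN; a single-name cert would omit autodiscover.
New-ExchangeCertificate -GenerateRequest -Path $reqFile `
    -SubjectName 'c=US, o=My Company, cn=remote.mycompany.com' `
    -DomainName $names -KeySize 2048 -PrivateKeyExportable $true

# Step 2 (after the CA has issued the cert): import it on the same server that
# created the request, because the private key stays in that server's store.
$cert = Import-ExchangeCertificate -Path $cerFile

# Step 3: check the imported cert before any service is switched to it.
$have    = $cert.CertificateDomains | ForEach-Object { $_.ToString() }
$missing = @($names | Where-Object { $have -notcontains $_ })
if ($missing.Count -gt 0) {
    throw "Cert lacks SAN(s): $([string]::Join(', ', $missing))"
}
if (-not $cert.HasPrivateKey)      { throw 'No private key: CSR was made elsewhere' }
if ($cert.NotAfter -lt (Get-Date)) { throw 'Certificate has already expired' }

# Step 4: assign IIS (OWA, Outlook Anywhere, ActiveSync, Autodiscover) to it.
# The self-signed cert is not deleted; it simply stops being bound to IIS.
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services IIS

# Step 5: confirm which certificate now carries which services.
Get-ExchangeCertificate |
    Format-List Thumbprint, Subject, CertificateDomains, Services, NotAfter, IsSelfSigned
```

Run step 1 once and submit the `.req` file to the CA; steps 2 to 5 are run later, when the issued `.cer` file is available.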
LVL 14

Author Comment

by:Juan Ocasio
ID: 39967863
Thanks. Yep. I've already checked it out and found out I have to purchase a UCC cert as I will be adding several sub domains on there. I have the self signed already installed on all of the PCs and when you access Exchange via OWA, I'm good. It's only when I'm trying to do the migration from our on-premises Exchange to Office 365 that I get the issues. It really sucks because it looks like I have to configure the trusted cert so that I can get the migration flowing. Not sure that's worth the $400.00 for the trusted cert.

BTW as I am trying to migrate my Exchange, have you ever done a cutover migration using a self signed cert?
LVL 31

Expert Comment

by:Gareth Gudger
ID: 39969474
I haven't with a self signed cert. The problem is that Office 365 won't know your root CA.

You should be able to get a UCC SAN cert for less. Especially if you do a GoDaddy promo code from a Google search.

Knowing that you are going to Office 365 and this is not a long term deal, you can get away with using just a standard SSL certificate, to keep the costs low. Although it requires quite a bit of configuration on the Exchange server end.
