Solved

How to properly replace a self signed cert with a trusted cert for outlook anywhere

Posted on 2014-03-29
5
1,714 Views
Last Modified: 2014-04-01
Hello all:

I am in the process of trying to migrate my exchange mail to office 365 and am having issues with the cert.  Apparently, I have to have a cert from a trusted CA.  I have outlook anywhere set up and in fact have several remote clients (and smartphones) using it without any problem.  I have SBS 2008 running and now I need to find a solution.

Here are my questions:

1) Where can I go to get a cheap trusted cert?  I think I can go to GoDaddy, but I'm not sure.

2) Once I have the cert, how do I properly install it without having everything blow up?  I'm assuming I would have to remove the self signed cert, but I'm not sure.  If so, how do I do that?

3) What other things do I need to be aware of?  This is all really new to me as I set up the machine per the recommended steps using the self signed cert, and because it worked, didn't really question it.

Any help from the gurus is greatly appreciated.  I would like to get the cutover migration started early this week so we can have full access of Office 365 and shut down our on-premise exchange server.

Many thanks!

jocasio123
0
Comment
Question by:Juan Ocasio
  • 3
  • 2
5 Comments
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 39964541
1). I would recommend GoDaddy.com. Plus if you Google GoDaddy Promo Code they have a 33% off coupon code for new purchases right now.

2). You technically don't remove the old cert. You add the new cert and then assign services to the new cert. Here is the process: http://exchangeserverpro.com/configure-an-ssl-certificate-for-exchange-server-2010/

3). Nothing really. The cert is from a trusted third party so all phones will automatically authenticate.
0
 
LVL 14

Author Comment

by:Juan Ocasio
ID: 39965476
Thanks for the response.  As I'm not really clear about how the SSL functions, can you please explain it to me?  I went on GoDaddy's website and see I can purchase a SSL for 69.00/yr.  When I install it on the exchange server (I have 2007) how does it work.  How does a web browser use that one vs. the self signed cert that is already in place?  I want to make sure I don't break anything as I have several people using RPC over HTTP.

Also,  when I get the certificate, how do I set it so that it has remote.mycompany.com and autodiscover.mycompany.com

I really need to be steped through the process from requesting the cert to installing to using it.

Thanks,

jocasio123
0
 
LVL 31

Accepted Solution

by:
Gareth Gudger earned 500 total points
ID: 39965656
You need to actually buy a UCC/SAN cert. I am guessing for 69.00/year this is a standard SSL certificate. That only does one name. Call GoDaddy and see if they will let you pay the difference to get a UCC/SAN certificate.

My apologies, for some reason I thought you had Exchange 2010. In 2007 this process was all PowerShell based. Here is an article from GoDaddy on how to do that in 2007.
http://support.godaddy.com/help/article/4877/installing-an-ssl-certificate-in-microsoft-exchange-server-2007

With regard to self signed versus third party. A self signed only works if you manually install a certificate on all your computers/devices (or push down with a GPO).

A third party certificate is recognized out of the box as all clients regularly get Root Certificate Updates from Windows Update. Third party certs from GoDaddy are much more effortless than dealing with self signed certificates.
0
 
LVL 14

Author Comment

by:Juan Ocasio
ID: 39967863
Thanks.  Yep.  I've already checked it out and found out I have to purchase a UCC cert as I will be adding several sub domains on there. I have the self signed already installed on all of the PC and when you access exchange via OWA, I'm good.  It's only when I'm trying to do the migration from our on premises exchange to Office 365 is where I get the issues.  It really sucks because it looks like I have to configure the trusted cert so that I can get the migration flowing.  Not sure that's worth the $400.00 for the trusted cert.

BTW as I am trying to migrate my exchange, have you every done a cutover migration using a self signed cert?
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 39969474
I haven't with a self signed cert. The problem is that Office 365 won't know your root CA.

You should be able to get a UCC SAN cert for less. Especially if you do a GoDaddy promo code from a Google search.

Knowing that you are going to Office 365 and this is not a long term deal, you can get away with using just a standard SSL certificate, to keep the costs low. Although it requires quite a bit of configuration on the Exchange server end.
http://exchange.sembee.info/2007/install/clientaccesshostnames.asp
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question