Solved

How to properly replace a self signed cert with a trusted cert for outlook anywhere

Posted on 2014-03-29
5
1,604 Views
Last Modified: 2014-04-01
Hello all:

I am in the process of trying to migrate my exchange mail to office 365 and am having issues with the cert.  Apparently, I have to have a cert from a trusted CA.  I have outlook anywhere set up and in fact have several remote clients (and smartphones) using it without any problem.  I have SBS 2008 running and now I need to find a solution.

Here are my questions:

1) Where can I go to get a cheap trusted cert?  I think I can go to GoDaddy, but I'm not sure.

2) Once I have the cert, how do I properly install it without having everything blow up?  I'm assuming I would have to remove the self signed cert, but I'm not sure.  If so, how do I do that?

3) What other things do I need to be aware of?  This is all really new to me as I set up the machine per the recommended steps using the self signed cert, and because it worked, didn't really question it.

Any help from the gurus is greatly appreciated.  I would like to get the cutover migration started early this week so we can have full access of Office 365 and shut down our on-premise exchange server.

Many thanks!

jocasio123
0
Comment
Question by:Juan Ocasio
  • 3
  • 2
5 Comments
 
LVL 30

Expert Comment

by:Gareth Gudger
Comment Utility
1). I would recommend GoDaddy.com. Plus if you Google GoDaddy Promo Code they have a 33% off coupon code for new purchases right now.

2). You technically don't remove the old cert. You add the new cert and then assign services to the new cert. Here is the process: http://exchangeserverpro.com/configure-an-ssl-certificate-for-exchange-server-2010/

3). Nothing really. The cert is from a trusted third party so all phones will automatically authenticate.
0
 
LVL 14

Author Comment

by:Juan Ocasio
Comment Utility
Thanks for the response.  As I'm not really clear about how the SSL functions, can you please explain it to me?  I went on GoDaddy's website and see I can purchase a SSL for 69.00/yr.  When I install it on the exchange server (I have 2007) how does it work.  How does a web browser use that one vs. the self signed cert that is already in place?  I want to make sure I don't break anything as I have several people using RPC over HTTP.

Also,  when I get the certificate, how do I set it so that it has remote.mycompany.com and autodiscover.mycompany.com

I really need to be steped through the process from requesting the cert to installing to using it.

Thanks,

jocasio123
0
 
LVL 30

Accepted Solution

by:
Gareth Gudger earned 500 total points
Comment Utility
You need to actually buy a UCC/SAN cert. I am guessing for 69.00/year this is a standard SSL certificate. That only does one name. Call GoDaddy and see if they will let you pay the difference to get a UCC/SAN certificate.

My apologies, for some reason I thought you had Exchange 2010. In 2007 this process was all PowerShell based. Here is an article from GoDaddy on how to do that in 2007.
http://support.godaddy.com/help/article/4877/installing-an-ssl-certificate-in-microsoft-exchange-server-2007

With regard to self signed versus third party. A self signed only works if you manually install a certificate on all your computers/devices (or push down with a GPO).

A third party certificate is recognized out of the box as all clients regularly get Root Certificate Updates from Windows Update. Third party certs from GoDaddy are much more effortless than dealing with self signed certificates.
0
 
LVL 14

Author Comment

by:Juan Ocasio
Comment Utility
Thanks.  Yep.  I've already checked it out and found out I have to purchase a UCC cert as I will be adding several sub domains on there. I have the self signed already installed on all of the PC and when you access exchange via OWA, I'm good.  It's only when I'm trying to do the migration from our on premises exchange to Office 365 is where I get the issues.  It really sucks because it looks like I have to configure the trusted cert so that I can get the migration flowing.  Not sure that's worth the $400.00 for the trusted cert.

BTW as I am trying to migrate my exchange, have you every done a cutover migration using a self signed cert?
0
 
LVL 30

Expert Comment

by:Gareth Gudger
Comment Utility
I haven't with a self signed cert. The problem is that Office 365 won't know your root CA.

You should be able to get a UCC SAN cert for less. Especially if you do a GoDaddy promo code from a Google search.

Knowing that you are going to Office 365 and this is not a long term deal, you can get away with using just a standard SSL certificate, to keep the costs low. Although it requires quite a bit of configuration on the Exchange server end.
http://exchange.sembee.info/2007/install/clientaccesshostnames.asp
0

Featured Post

How does your email signature look on mobiles?

Do your employees use mobile devices to reply to emails? With mobile becoming increasingly important to the business world, it is in your best interest to make sure that your email signature looks great across all types of devices.

Join & Write a Comment

Resolve DNS query failed errors for Exchange
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now