

How to properly replace a self-signed cert with a trusted cert for Outlook Anywhere

Posted on 2014-03-29
Medium Priority
Last Modified: 2014-04-01
Hello all:

I am in the process of trying to migrate my Exchange mail to Office 365 and am having issues with the cert.  Apparently, I have to have a cert from a trusted CA.  I have Outlook Anywhere set up and in fact have several remote clients (and smartphones) using it without any problem.  I have SBS 2008 running and now I need to find a solution.

Here are my questions:

1) Where can I go to get a cheap trusted cert?  I think I can go to GoDaddy, but I'm not sure.

2) Once I have the cert, how do I properly install it without having everything blow up?  I'm assuming I would have to remove the self-signed cert, but I'm not sure.  If so, how do I do that?

3) What other things do I need to be aware of?  This is all really new to me as I set up the machine per the recommended steps using the self-signed cert, and because it worked, didn't really question it.

Any help from the gurus is greatly appreciated.  I would like to get the cutover migration started early this week so we can have full access to Office 365 and shut down our on-premise Exchange server.

Many thanks!

Question by:Juan Ocasio
LVL 31

Expert Comment

by:Gareth Gudger
ID: 39964541
1). I would recommend GoDaddy.com. Plus if you Google GoDaddy Promo Code they have a 33% off coupon code for new purchases right now.

2). You technically don't remove the old cert. You add the new cert and then assign services to the new cert. Here is the process: http://exchangeserverpro.com/configure-an-ssl-certificate-for-exchange-server-2010/

3). Nothing really. The cert is from a trusted third party so all phones will automatically authenticate.
LVL 15

Author Comment

by:Juan Ocasio
ID: 39965476
Thanks for the response.  As I'm not really clear about how the SSL functions, can you please explain it to me?  I went on GoDaddy's website and see I can purchase an SSL for 69.00/yr.  When I install it on the Exchange server (I have 2007), how does it work?  How does a web browser use that one vs. the self-signed cert that is already in place?  I want to make sure I don't break anything as I have several people using RPC over HTTP.

Also, when I get the certificate, how do I set it so that it has remote.mycompany.com and autodiscover.mycompany.com?

I really need to be stepped through the process from requesting the cert to installing to using it.


LVL 31

Accepted Solution

Gareth Gudger earned 2000 total points
ID: 39965656
You need to actually buy a UCC/SAN cert. I am guessing for 69.00/year this is a standard SSL certificate. That only does one name. Call GoDaddy and see if they will let you pay the difference to get a UCC/SAN certificate.

My apologies, for some reason I thought you had Exchange 2010. In 2007 this process was all PowerShell based. Here is an article from GoDaddy on how to do that in 2007.

With regard to self-signed versus third party: a self-signed cert only works if you manually install a certificate on all your computers/devices (or push it down with a GPO).

A third party certificate is recognized out of the box as all clients regularly get Root Certificate Updates from Windows Update. Third party certs from GoDaddy are much more effortless than dealing with self signed certificates.
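The PowerShell-based Exchange 2007 process referred to above, sketched as an added example (not part of the original answer or the linked articles). The two host names are the ones from the question; the file paths and the subject's country and organization are placeholders. Step 1 is run first, and steps 2 to 5 only after the CA has issued the certificate.

```powershell
# Run in the Exchange Management Shell on the Exchange 2007 server.
# Host names come from the question; paths and subject fields are placeholders.
$names   = 'remote.mycompany.com', 'autodiscover.mycompany.com'
$reqFile = 'C:\certs\remote_mycompany_com.req'   # hypothetical path
$cerFile = 'C:\certs\remote_mycompany_com.cer'   # hypothetical path (file issued by the CA)

# 1. Generate the certificate request. The private key is created on, and stays on,
#    this server. -DomainName lists every name that must be a SAN on the UCC cert.
New-ExchangeCertificate -GenerateRequest -Path $reqFile `
    -SubjectName 'c=US, o=My Company, cn=remote.mycompany.com' `
    -DomainName $names -KeySize 2048 -PrivateKeyExportable $true

# 2. Paste the contents of $reqFile into the CA's order form, save the issued
#    certificate as $cerFile, then import it on the same server so it pairs
#    with the pending private key.
$cert = Import-ExchangeCertificate -Path $cerFile

# 3. Check before switching services: every required name must be on the
#    certificate, and it must not be self-signed.
$onCert  = $cert.CertificateDomains | ForEach-Object { $_.ToString().ToLower() }
$missing = $names | Where-Object { $onCert -notcontains $_ }
if ($missing) { throw "Certificate is missing names: $missing" }
if ($cert.IsSelfSigned) { throw 'Imported certificate is self-signed.' }

# 4. Assign IIS to the new certificate (OWA, ActiveSync, Outlook Anywhere and
#    Autodiscover all run over IIS). The old self-signed certificate is not
#    removed; it stays in the store without the IIS service.
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services 'IIS'

# 5. Confirm which certificate now holds which services and when it expires.
Get-ExchangeCertificate |
    Format-List Thumbprint, Subject, CertificateDomains, Services, NotAfter, IsSelfSigned
```

If the check in step 3 fails, the CA issued a single-name certificate rather than a UCC/SAN one, and nothing has been changed on the server at that point.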
LVL 15

Author Comment

by:Juan Ocasio
ID: 39967863
Thanks.  Yep.  I've already checked it out and found out I have to purchase a UCC cert as I will be adding several subdomains on there. I have the self-signed cert already installed on all of the PCs and when you access Exchange via OWA, I'm good.  It's only when I'm trying to do the migration from our on-premises Exchange to Office 365 that I get the issues.  It really sucks because it looks like I have to configure the trusted cert so that I can get the migration flowing.  Not sure that's worth the $400.00 for the trusted cert.

BTW, as I am trying to migrate my Exchange, have you ever done a cutover migration using a self-signed cert?
LVL 31

Expert Comment

by:Gareth Gudger
ID: 39969474
I haven't with a self-signed cert. The problem is that Office 365 won't know your root CA.

You should be able to get a UCC SAN cert for less. Especially if you do a GoDaddy promo code from a Google search.

Knowing that you are going to Office 365 and this is not a long term deal, you can get away with using just a standard SSL certificate, to keep the costs low. Although it requires quite a bit of configuration on the Exchange server end.

Question has a verified solution.
