How to properly replace a self-signed cert with a trusted cert for Outlook Anywhere

Hello all:

I am in the process of trying to migrate my Exchange mail to Office 365 and am having issues with the cert. Apparently, I have to have a cert from a trusted CA. I have Outlook Anywhere set up and in fact have several remote clients (and smartphones) using it without any problem. I have SBS 2008 running and now I need to find a solution.

Here are my questions:

1) Where can I go to get a cheap trusted cert?  I think I can go to GoDaddy, but I'm not sure.

2) Once I have the cert, how do I properly install it without having everything blow up? I'm assuming I would have to remove the self-signed cert, but I'm not sure. If so, how do I do that?

3) What other things do I need to be aware of? This is all really new to me as I set up the machine per the recommended steps using the self-signed cert, and because it worked, didn't really question it.

Any help from the gurus is greatly appreciated. I would like to get the cutover migration started early this week so we can have full access of Office 365 and shut down our on-premise Exchange server.

Many thanks!

jocasio123
Asked by: Juan Ocasio, Application Developer
 
Gareth Gudger Commented:
You need to actually buy a UCC/SAN cert. I am guessing for 69.00/year this is a standard SSL certificate. That only does one name. Call GoDaddy and see if they will let you pay the difference to get a UCC/SAN certificate.

My apologies, for some reason I thought you had Exchange 2010. In 2007 this process was all PowerShell based. Here is an article from GoDaddy on how to do that in 2007.
http://support.godaddy.com/help/article/4877/installing-an-ssl-certificate-in-microsoft-exchange-server-2007

With regard to self signed versus third party. A self signed only works if you manually install a certificate on all your computers/devices (or push down with a GPO).

A third party certificate is recognized out of the box as all clients regularly get Root Certificate Updates from Windows Update. Third party certs from GoDaddy are much more effortless than dealing with self signed certificates.
0
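The request, import and service-assignment steps this answer refers to, as an added example for the Exchange Management Shell on Exchange 2007 (not code from the thread or the linked articles). The two hostnames are the ones named in the thread; the file paths and subject fields are placeholder assumptions.

```powershell
# Added example. Run in the Exchange Management Shell on the Exchange 2007 server.
# Hostnames come from the thread; paths and subject fields are placeholders.
$names   = 'remote.mycompany.com', 'autodiscover.mycompany.com'
$reqFile = 'C:\certs\ucc.req'   # placeholder: CSR to submit to the CA
$cerFile = 'C:\certs\ucc.cer'   # placeholder: certificate file the CA returns

# Step 1: create the CSR. The private key stays on this server; every
# hostname clients will use must be listed, because a UCC/SAN certificate
# only covers the names it was requested with.
New-ExchangeCertificate -GenerateRequest -Path $reqFile -KeySize 2048 `
    -SubjectName 'c=US, o=My Company, cn=remote.mycompany.com' `
    -DomainName $names -PrivateKeyExportable $true

# Step 2: after the CA issues the certificate, import it on the SAME server
# so it pairs with the private key of the pending request.
$cert = Import-ExchangeCertificate -Path $cerFile

# Step 3: check the certificate before any service is pointed at it.
$have    = $cert.CertificateDomains | ForEach-Object { $_.ToString() }
$missing = $names | Where-Object { $have -notcontains $_ }
if ($missing) {
    throw ('Certificate is missing names: ' + [string]::Join(', ', @($missing)))
}
if ($cert.IsSelfSigned) {
    throw 'Imported certificate is self-signed; outside clients will not trust it.'
}
if ($cert.NotAfter -lt (Get-Date)) {
    throw 'Imported certificate has already expired.'
}

# Step 4: assign IIS (OWA, Outlook Anywhere, ActiveSync, Autodiscover) to the
# new certificate. The self-signed certificate is not removed; it simply
# stops being the one bound to these services.
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services 'IIS'

# Step 5: confirm which certificate now carries which services.
Get-ExchangeCertificate |
    Format-List Thumbprint, Subject, CertificateDomains, Services, IsSelfSigned, NotAfter
```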
 
Gareth Gudger Commented:
1). I would recommend GoDaddy.com. Plus if you Google GoDaddy Promo Code they have a 33% off coupon code for new purchases right now.

2). You technically don't remove the old cert. You add the new cert and then assign services to the new cert. Here is the process: http://exchangeserverpro.com/configure-an-ssl-certificate-for-exchange-server-2010/

3). Nothing really. The cert is from a trusted third party so all phones will automatically authenticate.
0
 
Juan Ocasio (Application Developer, Author) Commented:
Thanks for the response. As I'm not really clear about how the SSL functions, can you please explain it to me? I went on GoDaddy's website and see I can purchase an SSL for 69.00/yr. When I install it on the Exchange server (I have 2007) how does it work? How does a web browser use that one vs. the self-signed cert that is already in place? I want to make sure I don't break anything as I have several people using RPC over HTTP.

Also, when I get the certificate, how do I set it so that it has remote.mycompany.com and autodiscover.mycompany.com?

I really need to be stepped through the process from requesting the cert to installing to using it.

Thanks,

jocasio123
0
 
Juan Ocasio (Application Developer, Author) Commented:
Thanks. Yep. I've already checked it out and found out I have to purchase a UCC cert as I will be adding several sub domains on there. I have the self-signed already installed on all of the PCs and when you access Exchange via OWA, I'm good. It's only when I'm trying to do the migration from our on-premises Exchange to Office 365 is where I get the issues. It really sucks because it looks like I have to configure the trusted cert so that I can get the migration flowing. Not sure that's worth the $400.00 for the trusted cert.

BTW as I am trying to migrate my Exchange, have you ever done a cutover migration using a self-signed cert?
0
 
Gareth Gudger Commented:
I haven't with a self signed cert. The problem is that Office 365 won't know your root CA.

You should be able to get a UCC SAN cert for less. Especially if you do a GoDaddy promo code from a Google search.

Knowing that you are going to Office 365 and this is not a long term deal, you can get away with using just a standard SSL certificate, to keep the costs low. Although it requires quite a bit of configuration on the Exchange server end.
http://exchange.sembee.info/2007/install/clientaccesshostnames.asp
0
Question has a verified solution.