Exchange 2013 autodiscover and SSL cert

Hello
I have just set up my first Exchange 2013 server. It works fine for the internal users on the domain. Now I want to allow access for some external non-domain colleagues. This is what I have done so far, following what I can find on the Internet.

Enabled Split-DNS (http://exchange.sembee.info/network/split-dns.asp)

Set the internal and external URLs of the following directories to https://remote.mydomain.com/whatever ...  ECP, EWS, ActiveSync, OAB, OWA, Powershell
(http://www.mustbegeek.com/configure-external-and-internal-url-in-exchange-2013/)

From the same article I modified the internal and external URL of Outlook Anywhere by going to ECP, Servers, Servers, Outlook Anywhere tab.

Finally I ran the following powershell command to change the Autodiscover URL
Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://autodiscover.mydomain.com/Autodiscover/Autodiscover.xml

At this point I have not created or applied for a third party SSL certificate. This is my next step but I am trying to test first. But at the moment if I try to set up an account from an external PC, I get a warning about the SSL cert, I click Continue and get the error in the attached file.

Is my problem caused because I have not got a proper certificate or haOutlookAnywhere-error.rtfve I done something wrong / missed something in my config so far?

When I apply for the certificate do I need to have remote.mydomain.com AND autodiscover.mydomain.com as a SAN? Or just remote.mydomain.com?

Thanks very much in advance.

Alasdair
AlasdairbAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Scott CSenior EngineerCommented:
That is exactly what is going on.  Because you don't have the cert you are getting the warning.

When you order and install your cert with all of your URLs in it, the cert warnings will go away.

Yes, you need both of these addresses in the cert.

I recently worked a case where the installer left off the autodiscover URL and we kept getting the cert warnings.  Once he re-ordered it and it was installed everything started working as it should.

I also followed the instructions here to create my SRV record.

https://support.microsoft.com/en-us/kb/2772058
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
AlasdairbAuthor Commented:
Hello ScottCha,

Thanks for the reply. I applied for a digicert certificate with both URLs and got it approved and the cert mailed back within ten minutes, and yes, all works fine now.

Thanks again.

Alasdair
0
Scott CSenior EngineerCommented:
Happy to have helped.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.