Link to home
Start Free TrialLog in
Avatar of mcdnet
mcdnetFlag for United States of America

asked on

SBS Exchange Autodiscover Cert Replacement

Hi guys....

I have a 2011 Small Business Server.  Everything has been running great for 3 years with a *.domain.com cert.  Autodiscover, OWA... all of it.  Last month the star cert expired and needed to be replaced.  We didn't want to pay for the star cert again due to cost, so we just bought a standard cert for remote.domain.com.  

I was able to configure the standard cert and all services work fine using the remote.domain.com cert.  EXCEPT... Outlook autodiscover.  When a users tries to open Outlook remotely, they get the cert mismatch error, saying the name of the security certificate is invalid or does not match the name of the target site remote.domain.com.

I have since purchased another standard cert for autodiscover.domain.com.  I have installed it on the server and it doesn't show any issues.  If I go into the Exchange Management Console and look at the server configuration I can see the cert and it shows to be valid.  But there does not appear to be a way to assign it to autodiscover.  If I assign the IIS service to it, then the breaks the OWA access and shows it is trying to use the autodiscover cert instead of the remote cert.

So... can this autodiscover cert work?  Or do I have to buy a different cert?  Or have I just not configured the remote.domain.com cert correctly for the autodiscovery?  Or maybe any other suggested solutions?

Thanks!!
ASKER CERTIFIED SOLUTION
Avatar of David Johnson, CD
David Johnson, CD
Flag of Canada image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of mcdnet

ASKER

I am still working on this as I am learning now about these ucc certificates.  Seems the choice to go with from the start.  If I can use remote.domain.com but add autodiscover to the same cert it would seem this would work.  Just need to try to get this new cert and see if it will work.