SSL Cert for mail and Autodiscover

Hi all.  

I am running exchange server 2013 CU7. When it was initially set up, i needed to create/add an SSL certificate mail.mycompany.com from Go-Daddy

We have now obtained some tablets and are configuring them for OLK Anywhere.  For obvious reasons OLK Anywhere clients protest that the SSL cert name is invalid.

So - do I

1.

Just add a 2nd cert for autodiscover.... to the exchange environment
OR

2.

Go for the UCC certificate
AND
How do I do either so I dont stuff it up.
I recognize now I need a UCC Certificate, but I am unsure what the process and sequence is to move from the std SSL cert to a UCC to minimise downtime
LVL 8
mbkitmgrAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jason CrawfordTransport NinjaCommented:
Why not just use an SRV record for Autodiscover and forego purchasing another cert all together?  When combined with SRV, Autodiscover only requires one host in the SSL certificate.

Check out scenario 2:

https://technet.microsoft.com/en-us/library/jj591328(v=exchg.141).aspx#BKMK_Scenario2Using

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mbkitmgrAuthor Commented:
Hi Keyser, checked this just now but it seems to apply to Exchange 2010, or am I reading it wrong
Jason CrawfordTransport NinjaCommented:
Same applies to Exchange 2013.

If you do want to go the UCC route you'll need, at a minimum, two hostnames covered in the cert - mail.domain.com (for example) and autodiscover.domain.com.  The first depends on what you use for OWA so it could be owa.domain.com, outlook.domain.com, email.domain.com, etc.

Take a weekend and try the SRV record though.  You can change a DNS record for free, and it would require minimum downtime to test.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SSL / HTTPS

From novice to tech pro — start learning today.