SSL Cert for mail and Autodiscover

mbkitmgr
Hi all.  

I am running Exchange Server 2013 CU7. When it was initially set up, I needed to create/add an SSL certificate for mail.mycompany.com from GoDaddy.

We have now obtained some tablets and are configuring them for OLK Anywhere.  For obvious reasons OLK Anywhere clients protest that the SSL cert name is invalid.

So - do I

1. Just add a 2nd cert for autodiscover.... to the Exchange environment

OR

2. Go for the UCC certificate

AND

How do I do either so I don't stuff it up?

I recognize now I need a UCC certificate, but I am unsure what the process and sequence is to move from the std SSL cert to a UCC to minimise downtime.
Commented:
Why not just use an SRV record for Autodiscover and forego purchasing another cert altogether?  When combined with SRV, Autodiscover only requires one host in the SSL certificate.

Check out scenario 2:

https://technet.microsoft.com/en-us/library/jj591328(v=exchg.141).aspx#BKMK_Scenario2Using

Author

Commented:
Hi Keyser, checked this just now but it seems to apply to Exchange 2010, or am I reading it wrong?

Commented:
Same applies to Exchange 2013.

If you do want to go the UCC route you'll need, at a minimum, two hostnames covered in the cert - mail.domain.com (for example) and autodiscover.domain.com.  The first depends on what you use for OWA so it could be owa.domain.com, outlook.domain.com, email.domain.com, etc.

Take a weekend and try the SRV record though.  You can change a DNS record for free, and it would require minimum downtime to test.
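
The two routes discussed in this thread differ in which hostnames the certificate has to cover. The following is an added example, not part of any poster's reply: it checks a certificate's subject alternative names against the hosts clients will connect to under each route. The function names and SAN lists are constructed for illustration, and it assumes that with an SRV record no autodiscover.<domain> host record remains in DNS.

```python
# Added example: hostnames follow the thread's mail.mycompany.com placeholder;
# the SAN lists below are constructed sample data, not read from a real cert.

def san_matches(pattern, host):
    """Match one SAN dNSName against a hostname. A '*' is honoured only as
    the whole left-most label, so it never spans more than one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    return p[1:] == h[1:] and (p[0] == "*" or p[0] == h[0])

def required_hosts(mail_host, smtp_domain, srv_target=None):
    """Hosts clients open HTTPS to. Assumption: with an SRV record there is
    no autodiscover.<smtp_domain> host record left in DNS, so clients are
    sent to srv_target instead of autodiscover.<smtp_domain>."""
    auto = srv_target or "autodiscover." + smtp_domain
    return sorted({mail_host.lower(), auto.lower()})

def uncovered(san_names, hosts):
    """Return the hosts that no SAN entry covers (these trigger name warnings)."""
    return [h for h in hosts if not any(san_matches(s, h) for s in san_names)]

if __name__ == "__main__":
    single = ["mail.mycompany.com"]
    ucc = ["mail.mycompany.com", "autodiscover.mycompany.com"]
    cases = [
        ("single-name cert, no SRV", single, None),
        ("single-name cert + SRV to mail host", single, "mail.mycompany.com"),
        ("UCC cert, no SRV", ucc, None),
    ]
    for label, sans, srv in cases:
        hosts = required_hosts("mail.mycompany.com", "mycompany.com", srv)
        missing = uncovered(sans, hosts)
        print(f"{label}: {'OK' if not missing else 'missing ' + ', '.join(missing)}")
```

Running the same check against the SAN list of the certificate actually bound to IIS, before and after the DNS or certificate change, shows whether clients will still see a name mismatch.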
