mbkitmgr
asked on
SSL Cert for mail and Autodiscover
Hi all.
I am running exchange server 2013 CU7. When it was initially set up, i needed to create/add an SSL certificate mail.mycompany.com from Go-Daddy
We have now obtained some tablets and are configuring them for OLK Anywhere. For obvious reasons OLK Anywhere clients protest that the SSL cert name is invalid.
So - do I
OR
AND
How do I do either so I dont stuff it up.
I recognize now I need a UCC Certificate, but I am unsure what the process and sequence is to move from the std SSL cert to a UCC to minimise downtime
I am running exchange server 2013 CU7. When it was initially set up, i needed to create/add an SSL certificate mail.mycompany.com from Go-Daddy
We have now obtained some tablets and are configuring them for OLK Anywhere. For obvious reasons OLK Anywhere clients protest that the SSL cert name is invalid.
So - do I
1.
Just add a 2nd cert for autodiscover.... to the exchange environmentOR
2.
Go for the UCC certificateAND
How do I do either so I dont stuff it up.
I recognize now I need a UCC Certificate, but I am unsure what the process and sequence is to move from the std SSL cert to a UCC to minimise downtime
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Same applies to Exchange 2013.
If you do want to go the UCC route you'll need, at a minimum, two hostnames covered in the cert - mail.domain.com (for example) and autodiscover.domain.com. The first depends on what you use for OWA so it could be owa.domain.com, outlook.domain.com, email.domain.com, etc.
Take a weekend and try the SRV record though. You can change a DNS record for free, and it would require minimum downtime to test.
If you do want to go the UCC route you'll need, at a minimum, two hostnames covered in the cert - mail.domain.com (for example) and autodiscover.domain.com. The first depends on what you use for OWA so it could be owa.domain.com, outlook.domain.com, email.domain.com, etc.
Take a weekend and try the SRV record though. You can change a DNS record for free, and it would require minimum downtime to test.
ASKER