asked on

SSL Certifcate

Hi Experts,

Going back and forth with Rapid SSL support on a certificate that needs to cover autodiscover.mycustomer.com and remote.mycustomer.com for an SBS 2011 server I currently just have a standard ssl that covers remote but now need one for autodiscover ....can some one please recomend one in the rapidssl range as their is so many and their support seems a little wayward. Im not convinced he is steering me in the right direction, price is important godaddy were too expensive.

thanks.

ASKER CERTIFIED SOLUTION

Systech Admin

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

SOLUTION

David Johnson, CD

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Andrew

ASKER

Thanks for the answers guys...

I think the one Gaurav has suggested the one so far that seems to fit the criteria required, as per the link in his reply... Although I had to swap to AU(Australian) $$$ the one ones Rapidssl support were suggesting were around $79-99 AU but they didn't mention SAN or UCC

Systech Admin

may be you can check the price in USD.

https://www.thesslstore.com/geotrust/quicksslpremium-san-certificate.aspx

Andrew

ASKER

Thanks Gaurav I have in AU now all good Rappidssl were suggesting this one Certificate True Business

But I felt that it would only do the main domain... am I correct in that thinking?

pgm554

I personally have not done this ,but SBS(and only SBS) will allow for autodiscover to work with just a single SSL name.
So no need for a UCC.

What you need to do is create a cname for autodiscover that points to your remote.mydomain.com.

This needs to be done in your registrars advanced DNS settings.

Andrew

ASKER

I have a cname that points to the ip address ATM which I created at the registrars DNS settings, but the PC that is outside the network is getting a certificate warning when that user opens up outlook.

All the advise I am reading is telling me I do require it? But I will log in and take a look at the settings again at the registrar.

I only have a few hours to do this as I am running out of time as the current cert for remote.mydomain.com expires in about 10 hours

ArneLovius

Instead of using an autodiscover CNAME or A record, use a _SRV record to the remote. hostname, then you can use a single named certificate

https://blogs.technet.microsoft.com/rmilne/2014/10/02/how-to-check-exchange-autodiscover-srv-record-using-nslookup/

Andrew

ASKER

I had actually come across that link a couple of weeks back when I was trying to get autodiscover to work for them I even got the registrar to create the record but I couldn't get it to recognize that particular record when I tested via mxtoolbox!!! not sure why though?

pgm554

You do need to create a srv record that points to remote.xxxxx.com
Here's how I have it configured at Register.com

As for testing autodiscover ,M$ has their own test for Exchange and stuff

https://testconnectivity.microsoft.com/
srv.PNG

ArneLovius

mxtoolbox is for SMTP delivery of mail, not autodiscovery from a client

the link that pgm554 posted is what you want for testing the SRV record

make sure that the autodiscover CNAME you created has been removed.

Andrew

ASKER

Thanks guys... I decided to purchase the the one from Guarav after speaking with the customer as we may have another cert requirement soon, thanks for your advise but for now despite being a bit expensive for the solution it's less complicated and will /should work without hassle cheers.

Andrew

ASKER

Gaurav suggestion was the best option with David suggestion some useful information.

ArneLovius

SBS2011 does not need a SAN certificate