Certificate with Virtual directories confirmation

Hi All

I am currently in the process of migrating from exchange 2010 to exchange 2013. But before i can proceed i need to know the standards for each one of the following

I need t know if my certificate is ok with the following virtual directories

1. Autodiscover - is it ok to have https://mail.aaa.school.fj/autodiscover/autodiscover.xml - set as internal uri
2. OWA - is it ok to have https://mail.aaa.school.fj/owa - set for internal and external
3. ECP - is it ok to have  https://mail/ecp - internal https://mail.aaa.school.fj/ecp -external
4. OAB - is it ok to have https://mail.aaa.school.fj/oab set for internal and external
5. ActiveSync - is it ok to have https://mail.aaa.school.fj/Microsoft-Server-ActiveSync set for internal and external
6. EWS - is it ok to have https://mail.aaa.school.fj/EWS/Exchange.asmx

My certificate has the following and i need to know if it is what it should be . This is used for smtp,IIS

aaa.school.fj
www.aaa.school.fj
autodiscover.aaa.school.fj
imap.mail.aaa.school.fj
pop.mail.aaa.school.fj
mail.aaa.school.fj

Also how would i be able to setup pop3 and imap
Member_2_6474242Senior Systems AdministratorAsked:
Who is Participating?
 
Riaz Alexander AnsaryEnterprise Infrastructure Systems EngineerCommented:
collecting information about your existing exchange organization is critical when it comes to upgrading. go through a checklist which the following two is a part of that checklist
  • Client Access NameSpaces
  • SSL Certificates
collect internal and external uri information of all your virtual directories.
your SSL certificates gotta match the server name(URL/Namespace) the client is connecting, you can certainly reuse the existing certificates for your new exchange 2016 servers.  if you are thinking how can you use a cert that matches the server name from old servers, in that case  you gotta know that clients are not connecting to old servers using the servers real name, they use the URLs and name spaces that mentioned above. and if your clients are connecting to real server names that would be a good example of miss-configured namespaces. and this is the time to change that. you certificaate needs to be configured with all the DOmains you have  used in your virtual directories.

why do you want to use different domain for each virtual directory. I would recommend  you use one domain for all such as Mail.YourDomain.Com
that way all your virtual directories will use that as base domain and your cert config will be easier too.
0
 
Brian McDonaldIT ManagerCommented:
I went through this same thing awhile back. What worked for me was changing from a UCC to a wildcard cert. That way any subdomain was covered and it worked great.

The other thing I made sure of what that all URIs were identical between external and internal virtual directories

Based on what you have listed I think you'll be fine, it is similar to the setup I have in my exchange 2013
0
 
Member_2_6474242Senior Systems AdministratorAuthor Commented:
thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.