Link to home
Start Free TrialLog in
Avatar of dtssupport
dtssupportFlag for United States of America

asked on

What Kind of SSL is needed for Exchange 2016 (Single Domain)

I am installing on OnPremise Exchange 2016 with one Domain, What type of SSL would be best suited so when you want to connect Mobile Devices/OWA by putting in the email address and password, it will go out and search for it and connect it to the device without setting it up manually?
Avatar of Riaz Alexander Ansary
Riaz Alexander Ansary
Flag of United States of America image
On your exchange server  you will need to purchase a public trusted Certificate. when you first install an exchange server it generates a sel signed certificate and assigns it to the IIS, SMPT, POP and IMAP services that allows the server to be secure by default. but you do  need to purchase a Publicly trusted certificate from a trusted authority like godaddy depending on your Client access name space configuration.
you have 3 basic requirement for an SSL certificate in an exchange 2016 deployment.
Trusted Certificate authority:  your certificate needs to be from a trusted authority. this will enables clients to trust the certificate that previously would not be able to trust with you self signed default certificate.  
Correct Domain/Server Names: your certificate needs to contain all the correct domains, aliases and internal/External URLs that you have configured in your client access server under each of the virtual directories. one example in my case is mail.mydomain.com that we are using for all internal/external URLs and clients and virtual directories access exchange via that URLs
Certificate Validity period: each certificate has a validity period when it reaches expiration date you need to renew it.

  1. follow the following steps to install a certificate on your exchange server:
  2. generate a certificate request CSR  on your exchange server
  3. use the generated CSR to purchase your certificate from, lets say, GoDaddy
  4. complete pending certificate request on the exchange server once you have the certificate purchased.
  5. you can then export this certificate and import it into other exchange servers

follow these links to accomplish the above if you dont know how to
https://practical365.com/exchange-server/how-to-generate-ssl-certificate-request-exchange-2016/
https://practical365.com/exchange-server/exchange-2016-complete-pending-ssl-certificate-request/
https://practical365.com/exchange-server/exporting-and-importing-exchange-server-2016-ssl-certificates/
ASKER CERTIFIED SOLUTION
Avatar of timgreen7077
timgreen7077
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of Hani M .S. Al-habshi
Hani M .S. Al-habshi
Flag of Yemen image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of dtssupport
dtssupport
Flag of United States of America image

ASKER

Yes, all I needed was a UCC for up to 5 Domain/Sub-Domains, thank you very much!!  That SSL worked fine.
Avatar of timgreen7077
timgreen7077
Great, glad it worked for you.
Avatar of dtssupport
dtssupport
Flag of United States of America image

ASKER

thank you for your help, sorry for the delay in getting back to you guys....it's been a crazy 2 weeks