What Kind of SSL is needed for Exchange 2016 (Single Domain)

I am installing an On-Premise Exchange 2016 with one domain. What type of SSL would be best suited so that, when you want to connect mobile devices/OWA by putting in the email address and password, it will go out and search for it and connect it to the device without setting it up manually?
dtssupport Asked:

Riaz Alexander Ansary, Enterprise Infrastructure Systems Engineer, Commented:
On your Exchange server you will need to purchase a publicly trusted certificate. When you first install an Exchange server, it generates a self-signed certificate and assigns it to the IIS, SMTP, POP and IMAP services, which allows the server to be secure by default. But you do need to purchase a publicly trusted certificate from a trusted authority like GoDaddy, depending on your client access namespace configuration.
You have 3 basic requirements for an SSL certificate in an Exchange 2016 deployment.
Trusted Certificate authority: your certificate needs to be from a trusted authority. This will enable clients to trust the certificate, which they previously would not be able to trust with your self-signed default certificate.
Correct Domain/Server Names: your certificate needs to contain all the correct domains, aliases and internal/external URLs that you have configured in your client access server under each of the virtual directories. One example in my case is mail.mydomain.com, which we are using for all internal/external URLs, and clients and virtual directories access Exchange via that URL.
Certificate Validity period: each certificate has a validity period; when it reaches the expiration date you need to renew it.

Follow these steps to install a certificate on your Exchange server:

  1. Generate a certificate request (CSR) on your Exchange server.
  2. Use the generated CSR to purchase your certificate from, let's say, GoDaddy.
  3. Complete the pending certificate request on the Exchange server once you have purchased the certificate.
  4. You can then export this certificate and import it into other Exchange servers.

Follow these links to accomplish the above if you don't know how to:
https://practical365.com/exchange-server/how-to-generate-ssl-certificate-request-exchange-2016/
https://practical365.com/exchange-server/exchange-2016-complete-pending-ssl-certificate-request/
https://practical365.com/exchange-server/exporting-and-importing-exchange-server-2016-ssl-certificates/
timgreen7077, Exchange Engineer, Commented:
It's recommended you get a cert from a public CA, and the cert should be a UCC SAN cert. It's not recommended to use wildcard certs on Exchange. @Riaz Alexander Ansary did provide some good links on how to get the CSR and get the certs installed and services applied.

Hani M .S. Al-habshi, Contributor as IT Expert, Commented:
Check SSL Certificates Help, UCC SAN certs

https://ph.godaddy.com/help/exchange-server-2016-install-a-certificate-27338

Exchange Server 2016 depends on Autodiscover for connection anywhere, so you set up your autodiscover.domain.com
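
An added example (not from any of the answers in this thread, and not vendor code): a PowerShell check that the names on a UCC/SAN certificate cover every hostname clients will connect to, including the autodiscover name mentioned above. The function names, URLs and example.com hostnames are constructed for illustration.

```powershell
# Added example. On a live server the inputs would come from
# Get-ExchangeCertificate and the virtual directory URLs; the values
# used at the bottom are constructed samples.

function Test-SanMatch {
    param([string]$HostName, [string]$SanEntry)
    $h = $HostName.ToLowerInvariant()
    $s = $SanEntry.ToLowerInvariant()
    if ($s.StartsWith('*.')) {
        # A wildcard covers exactly one left-most label: *.example.com matches
        # mail.example.com but not example.com or a.b.example.com.
        $dot = $h.IndexOf('.')
        return ($dot -gt 0) -and ($h.Substring($dot) -eq $s.Substring(1))
    }
    return $h -eq $s
}

function Get-UncoveredName {
    param([string[]]$Urls, [string[]]$SmtpDomains, [string[]]$CertificateDomains)
    # Hostnames clients will use: the host of every configured URL,
    # plus autodiscover.<domain> for each SMTP domain.
    $required = @()
    foreach ($u in $Urls) { $required += ([uri]$u).Host }
    foreach ($d in $SmtpDomains) { $required += "autodiscover.$d" }
    $required = $required | ForEach-Object { $_.ToLowerInvariant() } | Sort-Object -Unique

    # Emit each required name that no SAN entry covers.
    foreach ($name in $required) {
        $covered = $false
        foreach ($san in $CertificateDomains) {
            if (Test-SanMatch -HostName $name -SanEntry $san) { $covered = $true; break }
        }
        if (-not $covered) { $name }
    }
}

# Constructed sample: one namespace for all services, certificate bought
# with only the mail name on it.
$urls = 'https://mail.example.com/owa',
        'https://mail.example.com/Microsoft-Server-ActiveSync',
        'https://mail.example.com/EWS/Exchange.asmx'
$sans = @('mail.example.com')

Get-UncoveredName -Urls $urls -SmtpDomains 'example.com' -CertificateDomains $sans
```

Any name the function returns is one that clients would reach but the certificate does not list, which is what produces certificate warnings during automatic device setup.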

dtssupport, Author, Commented:
Yes, all I needed was a UCC for up to 5 Domain/Sub-Domains, thank you very much!!  That SSL worked fine.
timgreen7077, Exchange Engineer, Commented:
Great, glad it worked for you.
dtssupport, Author, Commented:
Thank you for your help, sorry for the delay in getting back to you guys... it's been a crazy 2 weeks.