Geforce
asked on
Autodiscover Certificate (Exchange 2016).
Hi,
I am running exchange server 2016 with two domains tenant environment.
I am using webmail.domain.net.au as OWA/ECP and Outlook Anywhere and install the 3rd party certificate.
I generate another CSR for autodiscover.domain.com.au . I install the certificate. I am not sure about services. which service i assign for autodiscover.domain.com.au .
Please review the attach image. I would like to use webmail.domain.net.au as OWA/ECP and Outlook Anywhere but autodiscover.domain.com.au for auto configuration.
Please note: webmail.domain.net.au and autodiscover.domain.com.au both are different domains.
Auto.jpg
I am running exchange server 2016 with two domains tenant environment.
I am using webmail.domain.net.au as OWA/ECP and Outlook Anywhere and install the 3rd party certificate.
I generate another CSR for autodiscover.domain.com.au
Please review the attach image. I would like to use webmail.domain.net.au as OWA/ECP and Outlook Anywhere but autodiscover.domain.com.au
Please note: webmail.domain.net.au and autodiscover.domain.com.au
Auto.jpg
ASKER
I have two certificate one for webmail.domain.net.au and other is autodiscover.domain.com.au
I created the CSR from Exchange server Certificate tab.
2 CSR. one for webmail.domain.net.au and other is autodiscover.domain.com.au
I created the CSR from Exchange server Certificate tab.
2 CSR. one for webmail.domain.net.au and other is autodiscover.domain.com.au
IIS for :
TLS encryption for internal and external client connections that use HTTP. This includes:
Autodiscover
Exchange ActiveSync
Exchange admin center
Exchange Web Services
Offline address book (OAB) distribution
Outlook Anywhere (RPC over HTTP)
Outlook MAPI over HTTP
Outlook on the web
=====================
https://docs.microsoft.com/en-us/exchange/architecture/client-access/assign-certificates-to-services?view=exchserver-2019
TLS encryption for internal and external client connections that use HTTP. This includes:
Autodiscover
Exchange ActiveSync
Exchange admin center
Exchange Web Services
Offline address book (OAB) distribution
Outlook Anywhere (RPC over HTTP)
Outlook MAPI over HTTP
Outlook on the web
=====================
https://docs.microsoft.com/en-us/exchange/architecture/client-access/assign-certificates-to-services?view=exchserver-2019
ASKER
Guys,
long story short.
I have two certificates (both are created vie exchange server 2016 certificates tab).
One: webmail.domain.net.au (Please note domain name)
2nd: autodiscover.domain.com.au (Please note domain name)
Domain names are different:
Requirement:
I would like to use webmail.domain.net.au as OWA/ECP/Outlook Anywhere both domains.
I would like to use autodiscover.domain.com.au only for domain.com.au. means when any user@domain.com.au configure outlook than it uses this certificate.
How its possible?
I know I can use SRV record and use only webmail.domain.net.au certificate but this is requirement from client site as they need autodiscover.domain.net.au record.
Note: I am not using SAN certificate. Its simple single domain certificate so please let me know how to achieve above goal.
long story short.
I have two certificates (both are created vie exchange server 2016 certificates tab).
One: webmail.domain.net.au (Please note domain name)
2nd: autodiscover.domain.com.au
Domain names are different:
Requirement:
I would like to use webmail.domain.net.au as OWA/ECP/Outlook Anywhere both domains.
I would like to use autodiscover.domain.com.au
How its possible?
I know I can use SRV record and use only webmail.domain.net.au certificate but this is requirement from client site as they need autodiscover.domain.net.au
Note: I am not using SAN certificate. Its simple single domain certificate so please let me know how to achieve above goal.
Use External DNS and local DNS
1-forward webmail to webmail.domain.net.au IP address.
2-forward only autodiscover to autodiscover.domain.com.au IP address
& Deny external access to OWA/ECP .
1-forward webmail to webmail.domain.net.au IP address.
2-forward only autodiscover to autodiscover.domain.com.au
& Deny external access to OWA/ECP .
ASKER
Hi Hani M .S. Al-habshi,
Thanks for the suggestion.
webmail.domain.net.au points to public.
autodiscover.domain.com.au points to same public IP.
I don't want to restrict external access because all users are external. There is no internal users. Its hosted exchange server
My question: do I need to assign any service for autodiscover.domain.com.au certificate.
Thanks for the suggestion.
webmail.domain.net.au points to public.
autodiscover.domain.com.au
I don't want to restrict external access because all users are external. There is no internal users. Its hosted exchange server
My question: do I need to assign any service for autodiscover.domain.com.au
ASKER
Hi,
I am not sure did you understand my question properly. How I can run two certificates in one server? One for autodiscover and one for OWA.
I am not sure did you understand my question properly. How I can run two certificates in one server? One for autodiscover and one for OWA.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
We can not run two certificate in one exchange server. We need SAN or multi-domain certificate.
Same CSR or 2 CSR ?
Now you have 1 Cert or 2 ?