Which type of certificate can I use for OWA and Outlook Anywhere? (Exch. 2010)
Hello girls and boys :),
We are going to deploy a new Exchange 2010 server (Current Exchange 2003 Organization, without OWA and without RPC over HTTPS).
With the new exchange 2010 platform, we are going to deploy and use OWA and Outlook Anywhere (Office 2007/2010).
The question is, is it necessary that the certificate that we use must be generated from an outside official Certificate Entity? I mean, if we use a Certificate entity server (of our domain) to generate the certificate with all the names needed (autodiscover, owa, server, etc...), will the message of Certificate not valid appear, even in the OWA or the Outlook?
Thanks to all,
November 2nd, 2010 9:03am
Short answer is that you can use any certificate that will be trusted by the clients accessing. This means public or certificates issued by an internal CA. The trick with using one from an internal CA is that you must make sure that the certificate chain is correctly imported into ANY device that might connect (mobile phones, home PCs, etc.) My advice is to save yourself a lot of headache and hours, and go with a public cert. They are relatively cheap (godaddy) and easier to manage.
Here are some links to using certificates with Exch 2010:
http://technet.microsoft.com/en-us/library/dd351044.aspx
http://technet.microsoft.com/en-us/library/bb430792.aspx
Tim Harrington - Catapult Systems - http://HowDoUC.blogspot.com
November 2nd, 2010 9:12am
Totally agree with Tim. The only time I recommend Internal CA certs are for non-internet facing CAS.
Also note. Do not use the self-signed Exchange 2010 certificate that is generated during setup - (Except for those HT only role servers that do not send or receive directly to/from the Internet). Outlook 2010 and Communicator do not trust it out of the box.
November 2nd, 2010 9:39am
Hello
In addition to Andy and Tim I would recommend you to go for SAN certificate which will help you to specify a list of host names to be protected by a single SSL certificate.
Secure multiple Exchange 2010 services (OWA, SMTP, Autodiscovery, ActiveSync, and Outlook Anywhere) with one UCC Certificate.
Thanks
Mhussain
November 2nd, 2010 4:08pm
Hi,
Resuming. With Outlook Anywhere and OWA, an external Certificate, thanks, that's so clear.
The last topic, about SAN certificate, what exactly do you mean?...
thanks for all...
November 9th, 2010 5:25am
Hi,
It is a certificate that includes more than one name.
Normally you would add these names
mail.domain.com
autodiscover.com
There are more to add but it depends on your setup. If you are using a CAS array it would be a good idea to include the name of the array, and if not, add the name of the CAS server that handles Outlook access. There is also an option of secure SMTP traffic; in that case you add names for the HT server.
More info from digicert here:
http://www.digicert.com/ssl-support/exchange-2010-san-names.htm
More info from Microsoft here:
http://technet.microsoft.com/en-us/library/dd351044.aspx
/Martin
Exchange is a passion not just a collaboration software.
November 9th, 2010 5:30am
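
An added example, not posted by anyone in this thread: requesting one SAN certificate for the names discussed above and then auditing the installed certificates for missing names or a self-signed certificate. The host names, the file path and the helper `Get-MissingSanName` are constructed for illustration.

```powershell
# Exchange Management Shell on the Exchange 2010 CAS.
# All names and paths below are constructed placeholders.
$required = 'mail.example.com', 'autodiscover.example.com', 'outlook.example.com'

# 1. Generate one SAN (UCC) request covering every name clients connect to.
#    Exchange 2010 returns the request text; save it and submit it to the CA.
$req = New-ExchangeCertificate -GenerateRequest -SubjectName "CN=$($required[0])" `
    -DomainName $required -PrivateKeyExportable $true
Set-Content -Path 'C:\Temp\exchange-san.req' -Value $req

# Hypothetical helper: returns the required names a certificate does not cover.
function Get-MissingSanName {
    param([string[]]$CertNames, [string[]]$RequiredNames)
    foreach ($name in $RequiredNames) {
        $covered = $false
        foreach ($entry in $CertNames) {
            if ($entry -eq $name) { $covered = $true; break }
            # A wildcard entry such as *.example.com covers exactly one label.
            if ($entry.StartsWith('*.')) {
                $suffix = $entry.Substring(1).ToLower()    # ".example.com"
                if ($name.ToLower().EndsWith($suffix)) {
                    $label = $name.Substring(0, $name.Length - $suffix.Length)
                    if ($label -and -not $label.Contains('.')) { $covered = $true; break }
                }
            }
        }
        if (-not $covered) { $name }
    }
}

# 2. After importing the issued certificate, audit what is installed.
#    Assumes each CertificateDomains entry renders as its host name.
Get-ExchangeCertificate | ForEach-Object {
    $cert    = $_
    $names   = @($cert.CertificateDomains | ForEach-Object { $_.ToString() })
    $missing = @(Get-MissingSanName -CertNames $names -RequiredNames $required)
    New-Object PSObject -Property @{
        Thumbprint   = $cert.Thumbprint
        Services     = $cert.Services
        IsSelfSigned = $cert.IsSelfSigned
        Status       = $cert.Status
        NotAfter     = $cert.NotAfter
        MissingNames = $missing -join ', '
    }
} | Format-List
```

The certificate bound to IIS should show an empty `MissingNames` and `IsSelfSigned` as False; clients still need to trust the issuing CA's chain.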