Ok so we are in the process of enabling OWA and Active sync. I know my self signed cert is coming up on 7/15. I would like to upgrade the certs for more than a one year time frame. I want to be able to access owa and active sync from the domain owa.webdomain.com. Our internal domain is 2003domain.webdomain.com. The FQDN for the exchange server is Server12.2003domain.webdomain.com. How exactly do I accomplish this so that OWA, activesync and they exchange server are using new certs for the next couple of years? I need very basic step by step instructions or a video tutorial please. Thanks Jon

yes you can configure the self ssl for OWA and also for Active sync. below is the article which will helps you to configure ssl step by step SSL for OWA http://www.msexchange.org/tutorials/Creating-Certificate-OWA2003-SelfSSL.html and SSL for Active Sync http://www.petri.co.il/configure_ssl_on_oma.htm Vinod |CCNA|MCSE 2003 +Messaging|MCTS|ITIL V3|

Vinod gave you information about Exchange 2003 here is some information about SSL Certificate on Exchange 2007. Exchange 2007 SSL CSR Command Wizard (The faster way to make your CSR in Exchange 2007) https://www.digicert.com/easy-csr/exchange2007.htmHow to Install an SSL Certificate on a Client Access Serverhttp://technet.microsoft.com/en-us/library/bb310769.aspxHow to use SSL Certificates with Exchange 2007http://www.sslshopper.com/article-how-to-use-ssl-certificates-with-exchange-2007.htmlGenerating a certificate with a 3rd party CAhttp://msexchangeteam.com/archive/2007/02/19/435472.aspxhope these articles would help you. MCSE,CCNA,VCP,APP

So I would need to get5 certs?1. mail.myexternaldomain.com2. autodiscover.myexternaldomain.comMy internal domain which is 3.internaldomainname.myexternaldomain.com4. servername5. servername.internaldomainname.myexternaldomain.comDo I need to get another one for myexternaldomain.com????? We already have one but it is for an ecomerce site we host off site.Thanks!

Just to clarify we do use Outlook 2007 so I have heard that we have to use a UCC cert.

no you need 1 cert.this is SAN certificate.you type all this ext and int addresses to one cert. like:New-ExchangeCertificate -GenerateRequest -Path c:\company.csr -KeySize 2048 -SubjectName "c=US, s=, l=, o=datamarket, ou=IT, cn=company" -DomainName istanbul, istanbul.intdomain, istanbul.extdomain, autodiscover.intdomain, autodiscover.extdomain, mail.extdomain -PrivateKeyExportable $Truethis is CSR certificate.when you use exchange 2007 and outlook 2003/2007 this cert is for you.you can create this command with digicerts tool faster.https://www.digicert.com/easy-csr/exchange2007.htmMCSE,CCNA,VCP,APP

Yes, a UCC certificate will satisfy the needs Please seek for the names that use HTTPS, which would need to be added into the certificate. And internally, the FQDN and NetBIOS name of the exchange server I saw the others have provided lots of links about the certificate, you may not want any more link J but heres one that specifically described the scenario of UCC, and its pro/con More on Exchange 2007 and certificates - with real world scenario

So is there a difference between a UCC and a SAN Cert? If so, what would that be?I was planning on getting one from:http://www.godaddy.com/gdshop/ssl/ssl.asp?ci=9039Thanks,Jon

No difference: This is done thru something called a Unified Communications Certificate also know as a Subject Alternative Name Certificate --------Refer to < Exchange 2007 Autodiscover and certificates >

Ok this is where I am confused: What domain names do I use? Because every place I check its different???Digicert says:Microsoft recommends including your Exchange server's NetBIOS name, its FQDN, and autodiscover.yourdomain.com. as well as mail.yourcompany.com More on Exchange 2007 and certificates - with real world scenario says:mail.contoso.comcontoso.comcontoso.localautodiscover.contoso.comServer01.contoso.localServer01ismail yilmaz says:-DomainName istanbul,istanbul.intdomain, istanbul.extdomain, autodiscover.intdomain, autodiscover.extdomain, mail.extdomainassuming istanbul is the servername.I would like to keep it under 5 so that I can use http://certificatesforexchange.com/for 59.99The only consistant ones I can see aremail.externaldomainautodiscover.externaldomainnetbios server nameFQDN-netbios.internaldomain

Officially, the NetBIOS names of the server are not required. But many users and admins like to use OWA internally and this will prevent unnecessary warnings about the cert when they log on --------Refer to <More on Exchange 2007 and certificates - with real world scenario> So, as long as we make sure that users will use FQDN for OWA access, NetBIOS name wont need to be added And, just verify if all the names that will use HTTPS have been added. Eventually, they are the names requiring the certificate to secure