Need to renew an SSL cert for Exch 2007
All, I'm renewing an SSL for my Exchange server. This is the first year with this company and I don't have much information about how the Exchange server is set up.

So, I did a Get-ExchangeCertificate and see the old SSL I'm renewing has these domains: mail.domainname.com, domainname.com, domainname.local, autodiscover.domainname.com, autodiscover.domainname.local, servername.domainname.local, servername.

Autodiscover is working in our network. I can log in as a domain user, open Outlook, and the user information will populate the Outlook settings. So I type get-outlookprovider in the shell and get this output:

    [PS] C:\Windows\System32>get-outlookprovider

    Name   Server   CertPrincipalName   TTL
    ----   ------   -----------------   ---
    EXCH                                1
    EXPR                                1
    WEB                                 1

From what I've read, you need to assign a provider for Autodiscover to work. I only have one Exchange server. How does this work?

Second question: autodiscover.domainname.com or .local is not in my DNS. I looked in DNS Manager and I can't ping either one. How can I tell what DNS name Autodiscover is using? I'm trying to find out which domain names I'm actually using so I can order just what I need in the SSL certificate.

Thanks!
June 23rd, 2011 8:23pm

1. Run:

    Get-ClientAccessServer | FL Name,AutoDiscoverServiceInternalUri

and you'll see the URL that's provided to domain-joined Outlook clients for Autodiscover.

2. You only need autodiscover.domain.com or autodiscover.domain.local if you are connecting from a non-domain-joined machine or from the Internet. You shouldn't ever need autodiscover.domain.local since you don't have any e-mail addresses with domain.local. (That's an assumption, but a pretty safe one, I should think.)

Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."
June 23rd, 2011 8:34pm

Thanks. My AutoDiscoverServiceInternalUri is: https://servername.domainname.local/autodiscover/autodiscover.xml

So as I understand it, I am not using autodiscover.domainname at all. So I will not add those domains to the SSL certificate. I will add: mail.domainname.com, mail.domainname.local, servername.domainname.local, servername.

Is this correct? Remember, it's working and there is no DNS for autodiscover.domainname currently. Also, I'm not interested in Autodiscover outside the network (Internet).
June 24th, 2011 11:36am

You only need URLs that people will actually use. You don't need both .com and .local URLs unless users use them. However, there's nothing wrong with adding all kinds of URLs if you are generating the certificate yourself and it costs you nothing, which I presume is the case because a commercial issuer won't issue .local certificates. In that case, why not leave autodiscover present?

Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."
June 24th, 2011 1:20pm

This is a commercial certificate. It's called an EVA certificate where you can pay for multiple domain names. That's why I'm trying to figure out exactly what I need.
June 24th, 2011 3:01pm

If you are using Outlook Anywhere, then you need autodiscover. Autodiscover is not just the configuration of Outlook, but also availability. You don't need the root of the domain. The only URLs that I would include would be:

    host.example.com (common name)
    autodiscover.example.com
    server.example.local (server FQDN)
    server (server NETBIOS)

No others are required.

Simon.

Simon Butler, Exchange MVP
June 24th, 2011 5:39pm
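
One way to answer the original question ("which names am I actually using?") before ordering the certificate, as an added example that is not from any poster in this thread: list the host names Exchange publishes to clients and compare them with the names on the certificate enabled for IIS. It assumes a single Exchange 2007 server and picks the IIS certificate with the latest expiry; all cmdlets used are read-only.

```powershell
# Added example: read-only; run in the Exchange Management Shell on the server.
$needed = @{}   # host name -> where Exchange publishes it

# URL given to domain-joined Outlook clients for Autodiscover.
Get-ClientAccessServer | ForEach-Object {
    $uri = $_.AutoDiscoverServiceInternalUri
    if ($uri) { $needed[([Uri]"$uri").Host.ToLower()] = 'AutoDiscoverServiceInternalUri' }
}

# Internal and external URLs of the client-facing virtual directories.
$vdirCmds = 'Get-WebServicesVirtualDirectory', 'Get-OabVirtualDirectory',
            'Get-OwaVirtualDirectory', 'Get-ActiveSyncVirtualDirectory',
            'Get-UMVirtualDirectory'
foreach ($cmd in $vdirCmds) {
    foreach ($vdir in @(& $cmd)) {
        foreach ($url in @($vdir.InternalUrl, $vdir.ExternalUrl)) {
            if ($url) { $needed[([Uri]"$url").Host.ToLower()] = $cmd }
        }
    }
}

# Outlook Anywhere host name, plus the autodiscover name that non-domain-joined
# or Internet clients build from each accepted SMTP domain.
Get-OutlookAnywhere | ForEach-Object {
    if ($_.ExternalHostname) { $needed["$($_.ExternalHostname)".ToLower()] = 'Outlook Anywhere' }
}
Get-AcceptedDomain | ForEach-Object {
    $d = "$($_.DomainName)" -replace '^\*\.', ''
    $needed["autodiscover.$d".ToLower()] = 'Autodiscover from outside the domain (only if used)'
}

# Names on the certificate currently enabled for IIS.
$cert = Get-ExchangeCertificate | Where-Object { "$($_.Services)" -match 'IIS' } |
        Sort-Object NotAfter | Select-Object -Last 1
if (-not $cert) { throw 'No certificate is enabled for IIS.' }
$onCert = @($cert.CertificateDomains | ForEach-Object { "$_".ToLower() })

# Published names first, then names that are only on the certificate.
foreach ($name in ($needed.Keys | Sort-Object)) {
    $state = 'MISSING from certificate'
    if ($onCert -contains $name) { $state = 'on certificate' }
    "{0,-40} {1,-26} {2}" -f $name, $state, $needed[$name]
}
foreach ($name in $onCert) {
    if (-not $needed.ContainsKey($name)) {
        "{0,-40} on certificate, not published by Exchange" -f $name
    }
}
```

Names that users type by hand, such as the short server name, are not stored in the Exchange configuration and will only show up in the second list.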

excellent, thanks.
June 24th, 2011 6:08pm
