Public Certificates on Exchange 2007 CAS
I have a public certificate from Thawte, and I am still using it for all web access at my company, including Exchange 2003 RPC-HTTP and OWA. My local domain is abc.local and my public domain is abc.pt. I know that the Exchange CAS creates a certificate during the installation process.

My question is: can I keep using my public certificate on the Exchange 2007 CAS for Outlook Anywhere? Can this have an impact on local client authentication via autodiscover.abc.local?

Regards
MartinsJose
September 29th, 2009 10:43am

You'll want to add a 3rd party certificate such as a certificate from Thawte. Keep in mind that if you're using a service such as EAS or Outlook Anywhere (RPC/HTTPS), the self-signed certificate created during installation is not supported and you'll have to use a 3rd party certificate. I would check out some information on Proxying and Redirection to understand how the cutover works with your name on the certificate, such as mail.domain.com.

As for Autodiscover, the FQDN is based on the primary SMTP address of a user. For example, if my primary SMTP was elan.shudnow@shudnow.net, I would make a connection to autodiscover.shudnow.net. This is only for clients that are not domain joined, as well as clients who are remote and do not have direct connectivity to AD. Domain-joined clients that are internal use the AutodiscoverServiceInternalUri (Set-ClientAccessServer -Identity <CASServerName> -AutodiscoverServiceInternalUri https://mail.domain.com/autodiscover/autodiscover.xml). Either way, you need to make sure that both FQDNs are on the certificate, as well as the names of all your other Exchange 2007 services.

I go into depth about all of this in the following article: http://www.shudnow.net/2008/11/18/autodiscover-dns-certificates-and-what-you-need-to-know/

MVP | MCITP: Enterprise Messaging Administrator | MCTS: OCS + Voice Specialization | http://www.shudnow.net
September 29th, 2009 5:03pm

Hi,

Elan has given you an excellent introduction to how Autodiscover works. Please bear in mind that you should purchase a SAN (Subject Alternative Names) certificate to implement Autodiscover, Outlook Anywhere and the Availability service for the external world. Both the external URL and the internal URL must match names on your certificate. I have listed the articles below for your reference.

Resources
More on Exchange 2007 and certificates - with real world scenario
Autodiscover Service and SAN/UCC Cert Names
Certificate Use in Exchange Server 2007

Regards
Chinthaka Shameera | MCITP: EA | MCSE: M | http://howtoexchange.wordpress.com/
September 29th, 2009 6:37pm

Thanks Elan, this is the certificate subject:

CN=webmail.abc.pt
CN=Domain Validated
CN=Tawte SSL 123 Certificate
OU= Go ........
O=webmail.abc.pt

We use this certificate on Exchange 2003 for RPC over HTTP and OWA, inside and outside the company. Is it possible to create an alias in public DNS like autodiscover.abc.pt=webmail.abc.pt, and in my internal DNS autodiscover.abc.local=my CAS FQDN name?

If that is not possible, can I use just this current certificate outside and, locally, use the original? Is there a way to change my web certificate to a SAN certificate?

Regards
MartinsJose
September 30th, 2009 12:10am

If you wanted to use the same certificate, you could use an SRV record for Autodiscover on the outside. For the inside, refer to the following article I wrote on how to get this to work: Outlook 2007 Certificate Error

MVP | MCITP: Enterprise Messaging Administrator | MCTS: OCS + Voice Specialization | http://www.shudnow.net
September 30th, 2009 1:09am
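
The name-coverage check described in the answers above, as an added example that is not part of the original thread: it lists the host names clients will validate and reports which ones the certificate does not carry. The names abc.pt and webmail.abc.pt come from the thread; cas01.abc.local, user@abc.pt and the service URLs are constructed placeholders, and the SRV scenario assumes the internal URLs have been pointed at the certificate name.

```python
from urllib.parse import urlsplit

def host_of(url_or_host):
    """Lower-cased host of a URL, or the value itself if it is a bare host name."""
    host = urlsplit(url_or_host).hostname if "://" in url_or_host else url_or_host
    return host.lower().rstrip(".")

def name_matches(cert_name, host):
    """Exact match, or a wildcard that covers exactly one left-most label."""
    cert_name = cert_name.lower()
    if cert_name.startswith("*."):
        head, _, tail = host.partition(".")
        return bool(head) and tail == cert_name[2:]
    return cert_name == host

def required_names(primary_smtp, internal_autodiscover_uri, service_urls, srv_target=None):
    """Host names that clients connect to and check against the certificate."""
    domain = primary_smtp.rsplit("@", 1)[1]
    # Remote or non-domain-joined clients use autodiscover.<SMTP domain>,
    # unless an Autodiscover SRV record sends them to another host.
    external = srv_target if srv_target else "autodiscover." + domain
    # Internal domain-joined clients use the AutodiscoverServiceInternalUri.
    names = {host_of(external), host_of(internal_autodiscover_uri)}
    names.update(host_of(u) for u in service_urls)
    return names

def uncovered(cert_names, needed):
    """Required host names that no certificate name covers."""
    return sorted(h for h in needed if not any(name_matches(c, h) for c in cert_names))

# Constructed sample data: the single-name certificate from the thread.
CERT = ["webmail.abc.pt"]
SERVICES = ["https://webmail.abc.pt/owa",
            "https://webmail.abc.pt/Microsoft-Server-ActiveSync"]

def scenario_defaults():
    """Internal URI left on the CAS FQDN (hypothetical cas01.abc.local), no SRV record."""
    uri = "https://cas01.abc.local/autodiscover/autodiscover.xml"
    return uncovered(CERT, required_names("user@abc.pt", uri, SERVICES))

def scenario_srv():
    """SRV record targets webmail.abc.pt; internal URI uses the same name (assumption)."""
    uri = "https://webmail.abc.pt/autodiscover/autodiscover.xml"
    needed = required_names("user@abc.pt", uri, SERVICES, srv_target="webmail.abc.pt")
    return uncovered(CERT, needed)

if __name__ == "__main__":
    print("defaults, names missing from certificate:", scenario_defaults())
    print("SRV + matching internal URI, missing:", scenario_srv())
```

Any name the first scenario reports would produce a certificate warning in Outlook unless it is added to a SAN certificate or the client is steered to a name the certificate already has.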

How do you see this scenario:

Use the local CAS certificates generated during CAS installation for server.abc.local and autodiscover.abc.local.

For external users (OWA, Outlook Anywhere, Mobile Access, ...), I could create another IIS instance and apply my public certificate there.

This way I avoid acquiring another certificate.

Regards
September 30th, 2009 8:31pm

Hi,

To publish OWA, Outlook Anywhere and Mobile Access you should purchase a SAN certificate, and you should be able to use that certificate for internal clients as well. Meanwhile, you must try the method mentioned by Elan. It has worked for some small and mid-size companies.

A new feature is available that enables Outlook 2007 to use DNS Service Location (SRV) records to locate the Exchange Autodiscover service.

Regards
Chinthaka Shameera | MCITP: EA | MCSE: M | http://howtoexchange.wordpress.com/
September 30th, 2009 8:47pm
