SSL Certificates for Exchange 2007
Hello,

I am interested in purchasing an SSL certificate for my company. Let me give you a background of what is happening.

We have an Exchange server (ex: computername).
We have Outlook Web Access enabled (ex: https://mail.domainname1.com/owa).
We have Outlook Anywhere enabled,
and we have two domain names (ex: domainname1 and domainname2).

As you can see, the Exchange server name and the Outlook Web Access address are completely different. Currently, there is a certificate generated for our server using our server's local name. Internally, users are able to connect to the Exchange server with Outlook and are able to use Outlook Web Access without having any security warnings come up. However, externally, users who try to use OWA are prompted with a warning screen saying that there is a problem with the website's security certificate, and that the security certificate presented by the website was not issued by a trusted certificate authority.

Additionally, users who try to use Outlook Anywhere are prompted with a security alert, with an address of autodiscover.domainname2.com (notice, it is domainname2 that is appearing), stating that the name on the security certificate is invalid or does not match the name of the site. Then, a second security alert immediately follows; this one is from computername.domain.local, stating that the security certificate was issued by a company you have chosen not to trust.

I was thinking about trying before buying, using Comodo's Instant SSL (found here: http://www.instantssl.com/ssl-certificate-products/free-ssl-certificate.html). But I am a little confused as to what to put in for our FQDN. Do I put in our server's local name, our OWA address (https://mail.domainname1.com/owa) or an autodiscover address (if so, what domain name do I use)? Where does domainname2 come into play here?

Let me be clear that OWA only needs to work with domainname1 and not domainname2, and that it is only appearing when users try to connect to Exchange using Outlook Anywhere.

Thanks for the assistance!
June 15th, 2009 10:19pm

Hi,

What name did you enter when enabling Outlook Anywhere? (My guess is mail.domainname2.com - change this to mail.domainname1.com.)

You need to look into a SAN certificate. On the certificate you need the following addresses:

mail.domainname1.com
autodiscover.domainname1.com
computername
computername.domain.local

Leif
June 15th, 2009 11:42pm

A SAN certificate (Unified Communications Certificate) can contain the domain names and other names of services that users will use; install it on the CAS server.

Exchange 2007 lessons learned - generating a certificate with a 3rd party CA
More on Exchange 2007 and certificates - with real world scenario
Certificate Use in Exchange Server 2007
Unified Communications Certificate Partners for Exchange 2007 and for Communications Server 2007
Exchange 2007 Autodiscover and certificates
June 16th, 2009 9:22am

Thank you both for your answers.

Leif, Outlook Anywhere is set to use mail.domainname1.com - so I wonder why a warning is coming up with autodiscover.domainname2.com while using Outlook Anywhere, and if I will need to include autodiscover.domainname2.com on the certificate?
June 16th, 2009 4:21pm

The two domain names you have, are they just the registered domain names on the Internet? Your internal domain is domain.local, right? The DNS record points mail.domain1.com to the public IP of the Exchange server, right?

When users try to use Outlook Anywhere with the AutoDiscover service on the Internet, Outlook must use DNS to locate AutoDiscover for the data required to configure Outlook automatically. The user needs to input the e-mail address and password, and then Outlook will use the SMTP suffix of the e-mail address to locate AutoDiscover via a predetermined order of URLs:

https://domain.com/autodiscover/autodiscover.xml
https://autodiscover.domain.com/autodiscover/autodiscover.xml

In your case, I assume the e-mail address you input is username@domainname2.com, and you want to let Outlook auto-configure the settings. That's why Outlook got the certificate warning about autodiscover.domainname2.com.

What's the e-mail SMTP address space exactly, @domainname1.com or @domainname2.com?

Have you got the DNS record that points autodiscover.domainname1.com to the public IP of the Exchange server? If not, we must manually configure Outlook Anywhere.

Resources:
Configuring Outlook Anywhere for Exchange 2007 SP1
Exchange 2007 Autodiscover Service Part 1
June 17th, 2009 6:50am

There is a DNS record that points autodiscover.domain.local to computername.domain.local, not to the public IP of the Exchange server.

We use both username@domainname1.com and username@domainname2.com SMTP addresses at our company. The test user account I'm using is on a @domainname2.com domain, so that could be why the autodiscover address is coming up with that domain. However, in Outlook, under the Microsoft Exchange Proxy Settings, it is configured to connect to https://mail.domainname1.com.
June 17th, 2009 4:06pm

Let me explain about the https://mail.domainname1.com in the Exchange Proxy Settings:

After we enter the e-mail address and password when setting up the mail account externally, Outlook must connect to the proxy server (CAS server) before it uses DNS to locate the AutoDiscover URL, in order to bind the required ports with the mailbox server role and GC for communication.

Outlook also uses the SMTP suffix of the e-mail address to locate the proxy server; in this case, it's domainname2.com. I assume that you have the DNS record that points domainname2.com to mail.domainname1.com externally. And it's the reason that Outlook can get the URL https://mail.domainname1.com in the Exchange Proxy Settings.

We need to put both autodiscover.domainname1.com and autodiscover.domainname2.com into the certificate, since users use both @domainname1.com and @domainname2.com.

And also, we need to have DNS records that point autodiscover.domainname1.com and autodiscover.domainname2.com to the FQDN of the CAS server or the public IP of the CAS server externally, so Outlook can locate the right server to get the right response.
June 18th, 2009 6:27am
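
The SAN requirement worked out in the replies above, as an added example that is not part of any post in this thread: it derives the names the certificate needs from the SMTP suffixes in use and reports which ones a given SAN list fails to cover. The function names are hypothetical, and every host name is one of the thread's placeholders.

```python
# Added example. All host names are the thread's placeholders (constructed data).

def smtp_suffixes(addresses):
    """Unique SMTP suffixes (the part after '@'), in first-seen order."""
    seen = []
    for addr in addresses:
        suffix = addr.rsplit("@", 1)[-1].strip().lower()
        if suffix and suffix not in seen:
            seen.append(suffix)
    return seen

def autodiscover_urls(address):
    """The two HTTPS URLs listed in the thread, in that order, for one address."""
    suffix = smtp_suffixes([address])[0]
    path = "/autodiscover/autodiscover.xml"
    return ["https://" + suffix + path, "https://autodiscover." + suffix + path]

def required_names(external_host, addresses, internal_names):
    """Names the thread says belong on the SAN certificate."""
    names = [external_host.lower()]
    names += ["autodiscover." + s for s in smtp_suffixes(addresses)]
    names += [n.lower() for n in internal_names]
    return names

def san_covers(san, host):
    """Exact match, or a wildcard SAN standing in for exactly one leftmost label."""
    san, host = san.lower(), host.lower()
    if san.startswith("*."):
        label, dot, rest = host.partition(".")
        return bool(label and dot) and rest == san[2:]
    return san == host

def missing_names(required, cert_sans):
    """Required names that no SAN entry on the certificate covers."""
    return [h for h in required if not any(san_covers(s, h) for s in cert_sans)]

USERS = ["username@domainname1.com", "username@domainname2.com"]
INTERNAL = ["computername", "computername.domain.local"]
NEEDED = required_names("mail.domainname1.com", USERS, INTERNAL)

# SAN list from the first reply: it has no entry for the second SMTP suffix.
FIRST_REPLY_SANS = ["mail.domainname1.com", "autodiscover.domainname1.com",
                    "computername", "computername.domain.local"]

if __name__ == "__main__":
    print("SAN list to request:", ", ".join(NEEDED))
    print("missing from first reply's list:", missing_names(NEEDED, FIRST_REPLY_SANS))
```
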

"And also, we need to have DNS record that point autodiscover.domainname1.com and autodiscover.domainname2.com to the FQDN of CAS server or the public IP of CAS server externally, so outlook can locate the right server to get the right response"

This is the part that confuses me. Do I point the two DNS records for both autodiscover addresses to http://mail.domainname.com/owa, or should I point them to the public IP of our network?
June 18th, 2009 6:07pm

Please point them to the public IP of the CAS server.
June 19th, 2009 4:17am

This topic is archived. No further replies will be accepted.
