Hello girls and boys :), We are going to deploy a new Exchange 2010 server (Current Exchange 2003 Organization, without OWA and without RPC over HTTPS). With the new exchange 2010 platform, we are going to deploy and use OWA and Outlook Anywhere (Office 2007/2010). The question is, is it necesary that the certificate that we use must be generated from an outside official Ceriticate Entity?. I mean, if we use a Certificate entitity server (of our domain) to generate the certificate with all the names needed (autodiscover, owa, server, etc...), will the message of Certificate not valid appear, even in the OWA or the Outlook?. Thanks at all,

Short answer is that you can use any certificate that will be trusted by the clients accessing. This means public or certificates issued be an internal CA. The trick with using one from an insternal CA is that you must make sure that the certificate chain is correctly imported into ANY device that might connect (mobile phones, home pc's, etc.) My advice is to save yourself a lot of headache and hours, and go with a public cert. They are relatively cheap (godaddy) and easier to manage. Here are some links to using certificates with Exch 2010: http://technet.microsoft.com/en-us/library/dd351044.aspx http://technet.microsoft.com/en-us/library/bb430792.aspx Tim Harrington - Catapult Systems - http://HowDoUC.blogspot.com

Totally agree with Tim. The only time I recommend Internal CA certs are for non-internet facing CAS. Also note. Do not use the self-signed Exchange 2010 certificate that is generated during setup - (Except for those HT only role servers that do not send or receive directly to/from the Internet). Outlook 2010 and Communicator do not trust it out of the box.

Hello In addition to Andy and Tim i would recommend u to go for SAN certificate which will help you to specify a list of host names to be protected by a single SSL certificate Secure multiple Exchange 2010 services (OWA, SMTP, Autodiscovery, ActiveSync, and Outlook Anywhere) with one UCC Certificate. Thanks MhussainThanks Mhussain

Hi, Resuming. With outlook anywhere and OWA, an external Certificate, thanks, thats so clear. The last topic, about SAN certificate, what exactly you mean?... thanks for all...

Hi, It is a certificate that includes more than one name. Normally you would add these names mail.domain.com autodiscover.com There are more to add but it depends on your setup, if you are using a CAS array it would be a good idea to include the name of the array and if not add the name of the CAS server that handles outlook access. There is also an option of secure smtp trafik, in that case you add names for the HT server. More info from digicert here: http://www.digicert.com/ssl-support/exchange-2010-san-names.htm More info from Microsoft here: http://technet.microsoft.com/en-us/library/dd351044.aspx /MartinExchange is a passion not just a collaboration software.