+ Post New Thread
Results 1 to 10 of 10
Enterprise Software Thread, Exchange Certificate help please in Technical; Hi All, I need to add autodiscover.domain.com as a SAN to my existing self signed exchange cert. How do I ...
  1. #1
    Mr_M_Cox's Avatar
    Join Date
    May 2007
    Location
    Portsmouth
    Posts
    155
    Thank Post
    5
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Exchange Certificate help please

    Hi All,

    I need to add autodiscover.domain.com as a SAN to my existing self signed exchange cert.

    How do I do this? If I have to create a new one that's fine but some instruction would be great.

  2. #2

    Oaktech's Avatar
    Join Date
    Jul 2011
    Location
    Bournemouth
    Posts
    3,099
    Thank Post
    885
    Thanked 610 Times in 479 Posts
    Rep Power
    281
    This may be of no help at all, but we just bought a *.domain.com wildcard certificate from godaddy.com to cover all bases...

  3. #3
    Mr_M_Cox's Avatar
    Join Date
    May 2007
    Location
    Portsmouth
    Posts
    155
    Thank Post
    5
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Thanks for the reply. I want to avoid having to buy a cert. Client doesn't want to spend £.

    They currently have a self signed cert which covers mail.domain.com, remote.domain.com but not autodiscover.domain.com.

    Now when a PC, which is not on the domain, using Outlook to connect to the exchange server they get the name mismatch error all the time because it cant find autodiscover.domain.com in the cert.

  4. #4

    Oaktech's Avatar
    Join Date
    Jul 2011
    Location
    Bournemouth
    Posts
    3,099
    Thank Post
    885
    Thanked 610 Times in 479 Posts
    Rep Power
    281
    We didn't want to spend $ either, but we had the same issue and our consulting company basically told our head to stop being tight as there wasn't another way to do it!

  5. #5

    Join Date
    Apr 2007
    Location
    Cornwall
    Posts
    333
    Thank Post
    21
    Thanked 94 Times in 65 Posts
    Rep Power
    40
    Hi,

    We have a wildcard certificate, but have to purchase a separate certificate for exchange because of this local entry being necessary. The Subject Alternate Name needs to be specified when creating the certificate - I know we had to but another in the end, therefore costing us extra cash which was a pain. Your preferred certificate provider should be able to sell you a certificate with a SAN included, if you search on their website.

    Meldrew

  6. #6
    Mr_M_Cox's Avatar
    Join Date
    May 2007
    Location
    Portsmouth
    Posts
    155
    Thank Post
    5
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Could I create a whole new self signed cert just for autodiscover.domain.com and use that along side the existing one? Really cant go down the road of paying for anything.

  7. #7

    Domino's Avatar
    Join Date
    Oct 2006
    Location
    Bromley
    Posts
    4,111
    Thank Post
    217
    Thanked 1,343 Times in 821 Posts
    Blog Entries
    4
    Rep Power
    526
    If it's not a domain machine and you're using an internally or self signed cert - you'll have to import the root certificate to each machine to get the client to trust it

  8. #8
    Mr_M_Cox's Avatar
    Join Date
    May 2007
    Location
    Portsmouth
    Posts
    155
    Thank Post
    5
    Thanked 1 Time in 1 Post
    Rep Power
    0
    how would I go about identifying the correct root cert? I have already installed the cert which presents the error. It was installed into the trusted root authority folder

  9. #9

    Domino's Avatar
    Join Date
    Oct 2006
    Location
    Bromley
    Posts
    4,111
    Thank Post
    217
    Thanked 1,343 Times in 821 Posts
    Blog Entries
    4
    Rep Power
    526
    Is it signed by an internal CA, or was it created by exchange? if exchange, this should work: Installing a Self-Signed Certificate as a Trusted Root CA in Windows Vista - The Windows Server Essentials and Small Business Server Blog - Site Home - TechNet Blogs

    If it's a internal CA, you'll need to get the root cert from the certificates manager of that box.

    I'd also say, it's easier to have a SAN with all the names in rather than separate certs for roles, as it starts getting a bit messy. That said using an internally signed cert for external clients is going to be messy anyway.

    This is also worth a read: Exchange 2010: Autodiscover Names and SSL Certificates

  10. #10

    Join Date
    Feb 2008
    Location
    Wiltshire
    Posts
    899
    Thank Post
    282
    Thanked 141 Times in 114 Posts
    Blog Entries
    28
    Rep Power
    42
    Quote Originally Posted by Oaktech View Post
    We didn't want to spend $ either, but we had the same issue and our consulting company basically told our head to stop being tight as there wasn't another way to do it!
    Worth pointing out at this point that SWGfL can do certificates via JANET. Cost is £35 for a three year certificate. I've just installed a new certificate this morning on our Exchange 2007 server. Only downside it takes about 48Hrs for the process to run but we got there in the end, SWGfL were very helpful.

    Pete



SHARE:
+ Post New Thread

Similar Threads

  1. Self Signed Exchange Certificate Help
    By CHR1S in forum Enterprise Software
    Replies: 7
    Last Post: 3rd November 2012, 04:56 PM
  2. IIS7 Configuration help and SSL Certificate help please!!!!
    By pcwise27 in forum Windows Server 2008 R2
    Replies: 1
    Last Post: 21st August 2012, 10:24 AM
  3. Exchange N00b help please
    By andyturpie in forum Enterprise Software
    Replies: 4
    Last Post: 3rd October 2011, 10:15 AM
  4. some advanced exchange 2010 help needed please
    By RabbieBurns in forum Enterprise Software
    Replies: 42
    Last Post: 15th March 2011, 10:33 PM
  5. Replies: 5
    Last Post: 4th July 2006, 06:39 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •