Screencasts / Exchange 2013 / Screencast: How to Install Self-Signed Multiple Domain Certificate (UCC) in Exchange 2013

One of the first tasks that you need to perform on a new Exchange 2013 CAS or multirole server is to install and assign a new certificate to the available services. The out of the box self-signed certificate is provided simply as a temporary solution and has the following limitations:
- It is not trusted by domain and remote clients
- The Common Name (CN) of the certificate is the short/NetBIOS name of Exchange server
- Only Exchange internal Fully Qualified Domain name (FQDN) is included as a Subject Alternative name (SAN)
- The autodiscover and Exchange Public names are not included in the SAN field

As a result, we get the following problems:
- Internal Outlook clients and internal/remote OWA users get a security warning.
- Outlook Anywhere (OA) is not working. Even if you manually configure OA profile and add the certificate to the local Trusted Root Certificate authorities, Exchange public FQDN is not included in the certificate and Outlook Anywhere fails.

The recommended approach is to install a UCC from a trusted certificate Authority. There are cases when you might choose to use a different approach – replace the out of the box self-signed certificate with a new self-signed certificate that uses Exchange Public name as a Common Name (CN) and includes the Autodiscover FQDN. Typical examples are:
- Implementing a test environment with Exchange 2013.
- Limited number of remote users.
- You simply need more time, until you choose a suitable Certificate provider and buy a commercial UCC.

As you can see in our Screencast, generating and installing a new self-signed Multiple Domain Exchange certificate that fits your needs is extremely easy and straight forward. Moreover, creating a Group Policy to distribute the certificate to Domain Clients, and publishing the certificate, so remote clients can install and use it with OWA and Outlook Anywhere, takes literally a couple of minutes.

         Click here to login. Not yet registered - click here to register




  • Testimonials:
  • I just finished the "Upgrade from Exchange 2007 to 2013" Part I screencast and must tell you that it is extremely well done! I found no variances between the video/script and what I experienced. At the end of Part 1 ...
                       Bob Duffett, Priority Software Inc. ...more...

Copyright © 2016 NetoMeter All rights reserved | Privacy policy | Contact Us: 1.800.681.7309