Exchange 2013 & SSL certificates

BlizzardX · 18 Sep 2013 at 00:37

I'm helping a friend build a personal exchange server on Windows 2012 (he's got access to dreamspark from his university work). Due to the security inbuilt to Exchange 2013, SSL certificates are now required for full access. His AD is setup so the internal domain name is the same as his publicly owned domain.

Normally you would use a UCC cert that can do SANs however they're quite expensive and overkill for a personal server; can you define owa, oab, ecp, ews etc under a single acccess name i.e. mail.domain.com and then only require the follwoing certs?

mail.domain.com
server.domain.com
domain.com
autodiscover.domain.com

Would this work fine with the appropriate change to the virtual directories; i.e. external owa becomes https://mail.domain.com

Cheers,

Chris

madman045 · 18 Sep 2013 at 01:27

I am going to assume this is a test environment for your friend?

Might not want to change the defaults, but generate your own SAN certificate

http://cavarpe.wordpress.com/2012/11/26/generate-self-signed-ssl-certificates-for-exchange/

BlizzardX · 18 Sep 2013 at 02:14

Hey madman,

Nope he wants this to be a full environment for him, I'm simply helping him set it up but I've not played with exchange before.

By using a CA, his internal connections will be trusted but as this is a live environment he wants it on his phone and accessable via owa hence the need for pki certs.

Django x2 · 18 Sep 2013 at 14:09

They aren't "required" for full access. You can access OWA / Phone / ECP, etc without SSL from anywhere but for Outlook (RPC) you would need to either be on the same LAN or VPN in.