Microsoft Exchange server: which SSL to use? What about autodiscover. subdomain?

Symptom: internal access is working properly, but accessing with Outlook from remote locations is showing an error that autodiscover.yourdomain.com is not part of the SSL certificate.

Solution:

Don't use a single domain certificate, but a wildcard or mutli-domain certificate that not only includes "mail.company.com" but also "autodiscover.company.com".

If you have already ordered a single domain certificate, you can use the 14 days money-back-guarantee and replace it with the proper one.


Multi-Domain certificate:

As with a single domain certificate, create the CSR for "mail.company.com". When placing the CSR inside "My InterSSL", add "autodiscover.company.com" as a SAN Slot.


Wildcard certificate:
Simply create a CSR for *.company.com.  The autodiscover. domain will automatically be covered by the wildcard certificate.



White Paper: Understanding the Exchange 2010 Autodiscover Service

https://technet.microsoft.com/en-us/library/jj591328(v=exchg.141).aspx

Was this answer helpful?

 Print this Article

Also Read

Can i redirect non-SNI capable web browsers to an alternative site?

YES, it's possible to redirect non-SNI capable browsers (Internet Explorer auf Windows XP). -...

Is my X.509 certificate (.CRT) matching my private key and CSR files ? - OpenSSL commands for checking ...

You can use openssl to verify, wheter private-key, .CSR and .CRT are matching together: root@my...

Sectigo / Comodo Code Signing stuck - Using correct Firefox version to make it work

Code Signing certificates are requiring special browser features that not all web browsers are...

DNS Auth / DNS validation via CNAME

For DNS validation a CNAME entry has to be added in your domains DNS settings.You can use the...

Access Denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

See https://support.sectigo.com/Com_KnowledgeDetailPage?Id=kA01N000000zFJ4