Thursday, 12 November 2015

Exchange 2013, 2016 - Single name certificate

Is it possible to configure Exchange 2010, 2013 or 2016 to use a single name certificate?


The answer is yes but I guess you'll want a little more information.

It's possible to configure all your virtual directory URLs, Outlook Anywhere and the AutodiscoverServiceInternalUri to use the same hostname, for example mail.litwareinc.com. 

Let's say we have configured our namespace for all services to use mail.litwareinc.com.

The problem comes when Outlook performs autodiscover and needs to connect to https://autodiscover.litwareinc.com/autodiscover/autodiscover.xml because you'll get a certificate warning as autodiscover.litwareinc.com is not on the certificate.

To get around this issue, you simply prevent Outlook using this method to find the autodiscover response by removing the A record and enable another method using an SRV record. Using this method, you configure an SRV record _autodiscover._tcp.litwareinc.com which directs Outlook to connect to mail.litwareinc.com. Autodiscover.litwareinc.com is not required on the certificate. 

For more information about configuring the SRV method for autodiscover, see here.

No comments:

Post a Comment