
How to Create an Exchange Self-Signed Certificate

Author: Zvi Fried

Valid for Exchange 2007 / 2010

What is an Exchange certificate?
An Exchange certificate is a digital certificate that provides secure access
to the CAS server, in most cases over SSL-encrypted HTTP.

Common uses of an Exchange certificate:

Email synchronization for smartphones (Exchange ActiveSync)
Remote access to the Exchange account using Outlook - Outlook Anywhere / RPC over HTTPS
Access through a browser - Outlook Web Access / Outlook Web App
Exchange Autodiscover

The certificate we are discussing is a self-signed certificate.
Its main advantage is that it is free and takes only a few seconds to create.
Its main disadvantage is that clients do not recognize it as valid, because its issuer is not
in their Trusted Root list, so we have to add it there manually or deploy it
to all users in the organization via GPO.

Critical notes:

The domain name must match exactly (100%) the name of the A record you are browsing to.
The new certificate will replace the previous certificate in all IIS services.
(You must type the command in the Exchange PowerShell.)
example: [PS] C:\Windows\System32>New-ExchangeCertificate -DomainName my-external-domain.com -services IIS

My recommendation is to create an Exchange wildcard certificate.
This means that the same certificate will work for all of my subdomains, such as:

mail.my-external-domain.com
owa.my-external-domain.com
autodiscover.my-external-domain.com
sharepoint.my-external-domain.com

And of course there is no limit. All you have to do is add an asterisk and a dot (*.) before the main domain, so it looks like this:
example: [PS] C:\Windows\System32>New-ExchangeCertificate -DomainName *.my-external-domain.com -services IIS
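
The following is an added example, not part of the original article: it creates the certificate, checks that every name clients browse to is covered, and exports only the public certificate for the Trusted Root step described above. The host names, friendly name and output path are assumptions.

```powershell
# Added example, not the author's code. Run in the Exchange PowerShell on the CAS server.
# Assumed values: the host names, the friendly name and the output path.
$names = 'mail.my-external-domain.com', 'autodiscover.my-external-domain.com'

# 1. Record the current certificates first: the new one replaces the IIS binding.
Get-ExchangeCertificate | Format-List Thumbprint, Services, CertificateDomains, NotAfter

# 2. Create the self-signed certificate and assign it to IIS.
$new = New-ExchangeCertificate -DomainName $names -Services IIS `
    -FriendlyName 'Exchange self-signed (example)'

# 3. Confirm every name clients browse to is in the certificate.
#    A wildcard entry matches one label only: *.my-external-domain.com
#    covers mail.my-external-domain.com but not my-external-domain.com itself.
$have = @($new.CertificateDomains | ForEach-Object { "$_" })
$missing = @($names | Where-Object { $have -notcontains $_ })
if ($missing.Count -gt 0) {
    Write-Warning "Names not covered by the certificate: $($missing -join ', ')"
}

# 4. Export only the public certificate (no private key) for distribution.
$cert = Get-Item "Cert:\LocalMachine\My\$($new.Thumbprint)"
$cerPath = Join-Path $env:TEMP 'exchange-selfsigned.cer'
[System.IO.File]::WriteAllBytes($cerPath, $cert.Export('Cert'))
"Thumbprint {0}, valid until {1}, exported to {2}" -f $cert.Thumbprint, $cert.NotAfter, $cerPath

# 5. On a client, import the .cer into Trusted Root (or deploy the same file by GPO):
#    certutil -addstore Root exchange-selfsigned.cer
```

Distribute only the exported .cer file; the private key stays on the Exchange server.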
