SSL Certificate required RRS feed

  • Question

  • Hi All,

    I am new to both Exchange and Lync (pre warning)

    Is it required to have a valid (e.g. VeriSign) ssl certificate for exchange. In particular I have three employees who wish to access their email from their home, would a self signed ssl certificate cause problems, would this also prevent other companies sending us emails.



    Saturday, February 22, 2014 10:41 PM

All replies

  • Hi Ben

    It depends :-)

    You're not required to have a 3rd party SSL certificate but it is highly recommended :-)

    You usually use the 3rd party for OWA, Outlook Anywhere and ActiveSync. How are the users going to use the email from home? and is it a company PC or their own private workgroup pc?

    OWA, no problems. (they can just ignore the security warning).
    Outlook Anywhere, you will need a certificate with the correct names in it (e.g. mail.contoso.com from your own ca) and then give the root certificate to the users.
    ActiveSync, the phones don't trust your certificate - you'll need to take care of this also, like Outlook Anywhere.

    Mailflow, no problems.

    I would never go for a sollution without a 3rd party certificate. It costs about 135$/year @ GoDaddy.com

    You will need a UCC / SAN certificate. Then you assign the names you need. E.g. 

    autodiscover.contoso.com (for automatic setup of Outlook and Active Sync devices).
    outlook.contoso.com (for internal mapi use).
    mail.contoso.com (for external activesync, outlook anywhere, owa use)

    It will save you a lot of troubles.

    I hope it make sense otherwise let me know :-)


    Sunday, February 23, 2014 9:13 AM