As with Exchange 2007 and Exchange 2010, Exchange 2013 and Exchange 2016 require SSL Certificates configured with the correct SAN`s ( Subject Alternative Names ) if you would like to connect to it with and Outlook client or OWA over the web without receiving warnings that This site is not trusted. I come across a lot of Exchange 2007 installs that do not run SSL certs from trusted CA`s and they just run a self signed cert.
If you plan on using any of the services below then you must have a UCC Certificate for Exchange 2013 or Exchange 2016.
- Outlook Web App
- Exchange Web Services
- Outlook Anywhere
If you have just installed Exchange 2016 or Exchange 2016, then you will find the servers are installed with a self-signed SSL certificate. This self-signed certificate is fine for securing any SSL connections, the problem is that no clients will trust the server when they attempt to establish a connection to it, this will cause problems if you plan on using the Exchange 2013 or Exchange 2016 services listed above. The fix is to install a SSL certificate from a trusted CA such as GoDaddy.
Exchange 2013 and Exchange 2016 SAN Certificates
If you have installed SSL certificates for previous versions of Exchange the this process has not changed much. When connecting to Exchange 2013 or Exchange 2016 you may connect to it with a number of Subject Alternative Names (SAN`s).
- The fully qualified domain name (FQDN) of the Exchange server, eg Mailserver.Techieshelp.com
- DNS aliases for external access for OWA or RPC over HTTP, mail.Techieshelp.com or OWA.Techieshelp.com
- We also need to add the Autodiscover for the domain, Autodiscover.Techieshelp.com
The type of certificate required for this purpose is known as a SAN certificate or UCC certificate.
SAN (Subject Alternative Names) is an SSL certificate that allows your Exchange 2013 or Exchange 2016 server to be trusted for use with a number of names as shown above.
Where to Buy SSL Certificates for Exchange 2013 and Exchange 2016
The list is quite large however when doing Exchange 2010, Exchange 2013 or Exchange 2016 installation and migrations I normally stick with GoDaddy, Symantec, or Comodo.
How Do I Install SSL Certificates for Exchange 2013 and 2016?
This is a simple process, follow my guide on creating a certificate request in Exchange 2016 and 2013 and installing an SSL Certificate in Exchange 2016 and 2013