Exchange Server 2013/2016 SSL Certificates and SANs

As with Exchange 2007 and Exchange 2010, Exchange 2013 and Exchange 2016 require  SSL Certificates configured with the correct SAN`s ( Subject Alternative Names ) if you would like to connect to it with and Outlook client or OWA over the web without receiving warnings that This site is not trusted. I come across a lot of Exchange 2007 installs that do not run SSL certs from trusted CA`s and they just run a self signed cert.

If you plan on using any of the services below then you must have a UCC Certificate for Exchange 2013 or Exchange 2016.

  • Outlook Web App
  • ActiveSync
  • Exchange Web Services
  • Outlook Anywhere

If you have just installed Exchange 2016 or Exchange 2016, then you will find the servers are installed with a self-signed SSL certificate.  This self-signed certificate is fine for securing any SSL connections, the problem is that no clients will trust the server when they attempt to establish a connection to it, this will cause problems if you plan on using the Exchange 2013 or Exchange 2016 services listed above.  The fix is to install a SSL certificate from a trusted CA such as GoDaddy.

Exchange 2013 and Exchange 2016 SAN Certificates

If you have installed SSL certificates for previous versions of Exchange the this process has not changed much. When connecting to Exchange 2013 or Exchange 2016 you may connect to it with a number of Subject Alternative Names (SAN`s).

  • The fully qualified domain name (FQDN) of the Exchange server, eg Mailserver.Techieshelp.com
  • DNS aliases for external access for OWA or RPC over HTTP,  mail.Techieshelp.com or OWA.Techieshelp.com
  • We also need to add the Autodiscover for the domain, Autodiscover.Techieshelp.com

The type of certificate required for this purpose is known as a SAN certificate or UCC certificate.

SAN (Subject Alternative Names) is an SSL certificate that allows your Exchange 2013 or Exchange 2016 server to be trusted for use with a number of names as shown above.

Where to Buy SSL Certificates for Exchange 2013 and Exchange 2016

The list is quite large however when doing Exchange 2010, Exchange 2013 or Exchange 2016 installation and migrations I normally stick with GoDaddy, Symantec, or Comodo.

How Do I Install SSL Certificates for Exchange 2013 and 2016?

This is a simple process, follow my guide on creating a certificate request in Exchange 2016 and 2013 and installing an SSL Certificate in Exchange 2016 and 2013

Tags: certificates, sans, ssl, ucc

Allen White

Allen is a Consultant for ITPS in the North East of England and holds the following accreditations. MCSA, MCSE, MCTS, MCITP, CCA, CCSP, VCP 4,5 and HP ASE, AIS - Network Infrastructure.

Leave a comment

Categories

Vote!

What Web Browser Do You Use?

View Results

Loading ... Loading ...

Vote!

What do you prefer..VMware or Hyper-V?

View Results

Loading ... Loading ...