Out of the box Exchange 2010 comes with a self-signed certificate, generated and assigned automatically to exchange services during the installation of the Client Access Server role. It is provided as a temporary certificate – just to get you started, and it should be replaced as soon as possible.
There are three types of SSL certificates which you can use with Exchange server 2010:
1. Trusted Third-Party (commercial) Certificates – as the name suggests, they are issued by trusted CA (Certificate Authorities) and you have to pay for them. You can request and install a Multiple Domain certificate – also known as SAN (Subject Alternative Name), or UCC (Unified Communications Certificate). This is the recommended certificate for Exchange 2010 and we demonstrate how to request and install a GoDaddy Multiple Domain (UCC) certificate in this screencast.
Alternatively, you can request and install a Single Name certificate, which requires significant administrative efforts on your side – configuring split DNS, adjusting SCP and Web Services URL, configuring a SRV record in the external DNS zone, and still there will one time security (redirection) popup for the remote Outlook Anywhere clients.
2. Windows Public Key Infrastructure Certificates – in plain words this means installing and using a stand alone (we have already demonstrated this approach with Exchange 2007) or Enterprise Windows CA.
3. Self-signed certificate. Like the default, out of the box Exchange 2010 certificate, it is generated by Exchange server and valid for 5 years, but you can choose the included Common name and Subject Alternative names.
Ideally, you should be purchasing and installing a Multiple Domain (UCC) SSL certificate
In the following Step-by-Step video tutorial, you will see how to install and configure GoDaddy Multiple Domain (UCC) SSL Certificate in Exchange Server 2010.
Stay tuned on NetoMeter – subscribe to NetoMeter RSS.
Dean