Out of the box Exchange 2010 comes with a self-signed certificate, generated and assigned automatically to exchange services during the installation of the Client Access Server role. This certificate Fig 1 is considered a temporary solution, provided just to get you started with Exchange 2010, and you should replace it as soon as possible.
There are three types of SSL certificates which you can use with Exchange server 2010, and let’s say a couple of words about them, as you might be confused by the terminology:
1. Trusted Third-Party (commercial) Certificates – as the name suggests, they are issued by trusted CA (Certificate Authorities) and you have to pay for them. You can request and install a Multiple Domain certificate – also known as SAN (Subject Alternative Name), or UCC (Unified Communications Certificate). This is the recommended certificate for Exchange 2010 and we demonstrate how to request and install a GoDaddy Multiple Domain (UCC) certificate in this screencast.
Alternatively, you can request and install a Single Name certificate, which requires significant administrative efforts on your side – configuring split DNS, adjusting SCP and Web Services URL, configuring a SRV record in the external DNS zone, and still there will one time security (redirection) popup for the remote Outlook Anywhere clients.
2. Windows Public Key Infrastructure Certificates – in plain words this means installing and using a stand alone (we have already demonstrated this approach with Exchange 2007) or Enterprise Windows CA.
3. Self-signed certificate. Like the default, out of the box Exchange 2010 certificate, it is generated by Exchange server and valid for 5 years, but you can choose the included Common name and Subject Alternative names.
Ideally, you should be purchasing and installing a Multiple Domain (UCC) SSL certificate, and we are demonstrating Step-by-Step the whole process in this Screencast. Using Exchange Management shell is not necessary anymore, as Exchange 2010 includes a New Exchange Certificate wizard. As you will see, it is crucial to be perfectly clear about the names that you need included in the certificate – relying on the wizard might get you confused.
To keep things simple, we will dedicate separate a Screencasts for Exchange 2010 Outlook Anywhere configuration.
In the following Screencast, we will demonstrate the installation and configuration of a GoDaddy Multiple Domain (UCC) SSL Certificate in Exchange Server 2010.
In our demo, we are using a Single Exchange Server 2010 SP1 scenario.