Tag Archives: PKI

Autodiscover in Exchange part III

Autodiscover is a standard feature in Exchange Server 2007 and higher that’s being used by Outlook 2007 and higher. Looking at the number of questions I get regarding autodiscover I’ve written a number of blogposts that will look into Autodiscover in depth:

In Part I I’ve explained how domain joined clients work with autodiscover information that’s stored in Active Directory. In Part II I’ve explained how the same (domain joined) client behaves on an external network like the Internet.

Both posts work with the self-signed certificate, but it’s much better (and recommended!) to use a 3rd party certificate or a certificate of an internal PKI environment. Continue reading Autodiscover in Exchange part III

Exchange 2010 and your own PKI infrastructure

When it comes to Exchange Server 2007 or Exchange Server 2010 it is a best practice to use a real world SSL certificate for the Client Access Server. In Microsoft knowledge base article 929395 (http://support.microsoft.com/kb/929395) four vendors are listed as supported vendors for SSL certificates. Of course there are more, and their certificates work fine, but you can also use an internal Windows Server 2008 Certificate Services environment. Especially when you have only domain joined clients this shouldn’t be a problem…

Client Access Server and Certificates

When installing the Exchange Server 2010 Client Access Server, a self-signed certificate, containing just the server name, is generated and installed on the server, and can be used for testing purposes after installing the server. For testing purposes this self-signed certificate also contains the local FQDN in the “Subject Alternative Names” field for testing with Outlook Anywhere. It is naturally a best practice not to use this self-signed certificate in a production environment, but rather to use a third party certificate on the Client Access Server.

Continue reading Exchange 2010 and your own PKI infrastructure