One of my customer's Exchange server private SSL is expiring soon and they plan to go for SSL certificate from public certification authority.Due to budget issue, they only plan to purchase 1 certificate with 2 SAN which is webmail.contoso.com and autodiscover.contoso.com.
Since the internal domain name(contoso.internal) is different with public domain(contoso.com), they asked me is it possible to consolidate both into one(contoso.com) without causing any service interruption to users, for example certificate warning when they open Outlook client.
To achieve the goal, all we need to do is to modify Exchange SCP(service connection point), to point the internal autodiscover URL to autodiscover.contoso.com.
Set-ClientAccessServer -Idendity CAS_Server_Name -AutodiscoverServiceInternalUri "https://autodiscover.contoso.com/autodiscover/autodiscover.xml"
Set-WebServicesVirtualDirectory -Idendity "CAS_Server_Name\EWS (Default Web Site)" -InternalUrl "https://webmail.contoso.com/EWS/exchange.asmx"
Set-OABVirtualDirectory -Idendity "CAS_Server_Name\OAB (Default Web Site)" -InternalUrl "https://webmail.contoso.com/oab"
By modifying the SCP and virtual directories internal URL pointing to the public domain name instead of internal domain name, we can achieve the goals of spending minimum amount of money on public SSL.
No comments:
Post a Comment