Single name cert for Exchange 2007/2010

Here is a process for configuring Exchange Server to use a single-name certificate.

1. Test the Outlook connection to Autodiscover using the e-mail Autodiscover test in Outlook, as described on Microsoft TechNet. The TechNet article explains how to
     make sense of the Outlook auto configuration test and what problems may be found there.

 
2. Verify the virtual directories look correct.

Use these commands and compare the output with the screenshots from step one. Check whether the directories are set properly, and use step three to correct any problems:
Get-AutodiscoverVirtualDirectory | fl Identity,InternalURL,ExternalUrl
Get-WebServicesVirtualDirectory | fl Identity,InternalURL,ExternalUrl
Get-OabVirtualDirectory | fl Identity,InternalURL,ExternalUrl
Get-OwaVirtualDirectory | fl Identity,InternalURL,ExternalUrl
Get-EcpVirtualDirectory | fl Identity,InternalURL,ExternalUrl
Get-ActiveSyncVirtualDirectory | fl Identity,InternalURL,ExternalUrl
Get-ClientAccessServer | fl Identity,AutoDiscoverServiceInternalUri

3. Set the directories to the name on the certificate you are using. If you have an external name, your internal DNS zone must reflect this.
Please realize this is a workaround and a SAN cert is recommended. See the four methods for adding certificates in Microsoft KB2783881. If you decide you want to work around the
requirements and use the external name for internal access, perform the following:

Set-ClientAccessServer -Identity "yourmailbox" -AutodiscoverServiceInternalURI https://yourcert.domain.com/autodiscover/autodiscover.xml
Set-WebServicesVirtualDirectory -Identity "mbx1\EWS (Default Web Site)" -InternalUrl https://yourcert.domain.com/EWS/Exchange.asmx
Set-OABVirtualDirectory -Identity "mbx1\OAB (Default Web Site)" -InternalURL https://yourcert.domain.com/OAB
Set-ActiveSyncVirtualDirectory -Identity "mbx1\Microsoft-Server-ActiveSync (Default Web Site)" -InternalURL https://yourcert.domain.com/Microsoft-Server-Activesync

  • Verify that the IIS site hosting the default OWA root directory (often Default Web Site) is set to use the correct certificate. Right-click the Default Web Site and choose Edit Bindings.
  • Edit the binding for port 443 and choose the correct certificate.
  • Verify the certificate is enabled and assigned for the IIS, SMTP, etc. services.
  • Verify that under Server Configuration -> Outlook Web App the URLs are set with the internal and external URLs. Review ECP, ActiveSync, and OAB as required.
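
After step 3, every URL reported in step 2 should be an https URL whose host is the certificate name. The following is an added example, not part of the original post: the function name Find-UrlNameMismatch, the sample rows and the internal name mbx1.corp.local are constructed for illustration.

```powershell
# Added example. Sample rows below are constructed; mbx1.corp.local is a made-up
# internal name. Written to run on PowerShell 2.0 (Exchange 2007/2010 era).
function Find-UrlNameMismatch {
    param(
        [Parameter(Mandatory=$true)] [string]   $CertName,
        [Parameter(Mandatory=$true)] [object[]] $Directory
    )
    $props = 'InternalUrl', 'ExternalUrl', 'AutoDiscoverServiceInternalUri'
    foreach ($d in $Directory) {
        foreach ($p in $props) {
            $value = $d.$p
            if (-not $value) { continue }          # property absent or URL not set
            $uri = $null
            $problem = $null
            if (-not [uri]::TryCreate("$value", [System.UriKind]::Absolute, [ref]$uri)) {
                $problem = 'not an absolute URL'
            } elseif ($uri.Scheme -ne 'https') {
                $problem = "scheme is $($uri.Scheme), expected https"
            } elseif ($uri.Host -ne $CertName) {   # -ne is case-insensitive
                $problem = "host $($uri.Host) is not on the certificate"
            }
            if ($problem) {
                New-Object PSObject -Property @{
                    Identity = "$($d.Identity)"; Property = $p
                    Url = "$value"; Problem = $problem
                }
            }
        }
    }
}

# Constructed sample input shaped like the step 2 output.
$sample = @(
    (New-Object PSObject -Property @{ Identity = 'mbx1\EWS (Default Web Site)'
        InternalUrl = 'https://yourcert.domain.com/EWS/Exchange.asmx' }),
    (New-Object PSObject -Property @{ Identity = 'mbx1\OAB (Default Web Site)'
        InternalUrl = 'https://yourcert.domain.comOAB' }),   # missing slash changes the host
    (New-Object PSObject -Property @{ Identity = 'mbx1\owa (Default Web Site)'
        InternalUrl = 'https://mbx1.corp.local/owa'
        ExternalUrl = 'https://yourcert.domain.com/owa' }),
    (New-Object PSObject -Property @{ Identity = 'mbx1'
        AutoDiscoverServiceInternalUri = 'http://mbx1.corp.local/Autodiscover/Autodiscover.xml' })
)
Find-UrlNameMismatch -CertName 'yourcert.domain.com' -Directory $sample |
    Format-Table Identity, Property, Problem -AutoSize

# On the server, build the input from the step 2 cmdlets instead, for example:
#   $dirs = @(Get-WebServicesVirtualDirectory) + @(Get-OabVirtualDirectory) + @(Get-ClientAccessServer)
```

Any row it reports is a URL that will produce a certificate name warning in Outlook or the browser, which is the condition this procedure is meant to remove.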


One thought on “Single name cert for Exchange 2007/2010”

  1. Wow, this piece of writing is pleasant, my younger sister
    is analyzing these kinds of things, so I am going to convey her.
