Adding domains to Exchange Server 2016 without adding them to the SSL Cert
Greetings,
Do you have any references on how to configure Exchange Server 2016 without needing to add new domains to the public facing SSL certificate? Any help on this or pointing me in the right direction would be sincerely appreciated.
Thanks very much,
Steve
What you need is called the autodiscover redirect method: http://www.msexchange.org/articles-tutorials/exchange-server-2010/mobility-client-access/using-autodiscover-large-numbers-accepted-domains-part1.html
So basically autodiscover looks up the url based on the email domain. Let's say the email is jdixon@knowmoreit.com… autodiscover will look up these urls:
- (internal SCP record in AD)
- http://knowmoreit.com/autodiscover/autodiscover.xml
- https://autodiscover.knowmoreit.com/autodiscover/autodiscover.xml
- http://autodiscover.knowmoreit.com/autodiscover/autodiscover.xml (HTTP)
- SRV record
So the redirect method uses the HTTP url and causes a redirect back to the hoster’s domain. So let's say the hoster's domain is “hoster.com” and the Exchange server is “mail.hoster.com”. To get this to work I would set up a new IIS server that only has port 80 open to the world (port 443 must be closed!!). We will put an A host record for this IIS server as “redirect.hoster.com”. Now for each client domain we have we will add a CNAME record for autodiscover to point to redirect.hoster.com (Example: autodiscover.knowmoreit.com -> redirect.hoster.com).
What happens is IIS will use the HTTP Redirect and redirect all the requests back to: https://mail.hoster.com/autodiscover/autodiscover.xml.
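A check for the setup described in the answer above, as an added example that is not part of the original posts: it verifies that a client domain's autodiscover host has port 443 closed and answers on port 80 with a redirect to the hoster's HTTPS Autodiscover URL, and nowhere else. The function names and the accepted redirect status codes are assumptions; the host names are the ones used in the thread.

```python
import http.client
import socket
from urllib.parse import urlsplit

AUTODISCOVER_PATH = "/autodiscover/autodiscover.xml"

def port_open(host, port, timeout=3.0):
    """True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def probe(client_domain, timeout=5.0):
    """Collect what a client sees at autodiscover.<client_domain> (live network call)."""
    host = "autodiscover." + client_domain
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    try:
        conn.request("GET", AUTODISCOVER_PATH)
        resp = conn.getresponse()
        status, location = resp.status, resp.getheader("Location")
    finally:
        conn.close()
    return {"https_open": port_open(host, 443), "status": status, "location": location}

def evaluate(obs, expected_url):
    """Return a list of problems; an empty list means the setup matches the thread."""
    problems = []
    if obs["https_open"]:
        problems.append("port 443 is open on the redirect host; it must be closed")
    if obs["status"] not in (301, 302, 307, 308):  # assumed set of redirect codes
        problems.append(f"expected an HTTP redirect, got status {obs['status']}")
    loc = obs.get("location") or ""
    got, want = urlsplit(loc), urlsplit(expected_url)
    if got.scheme != "https":
        problems.append(f"redirect target is not HTTPS: {loc!r}")
    if (got.hostname or "") != want.hostname or got.path.lower() != want.path.lower():
        problems.append(f"redirect target {loc!r} does not match {expected_url!r}")
    return problems

if __name__ == "__main__":
    expected = "https://mail.hoster.com" + AUTODISCOVER_PATH
    for domain in ["knowmoreit.com"]:  # client domains, taken from the thread
        try:
            print(domain, evaluate(probe(domain), expected) or "OK")
        except (OSError, http.client.HTTPException) as exc:
            print(domain, "probe failed:", exc)
```

Running it against every hosted client domain after each DNS change catches a CNAME that points at the wrong host or a redirect that has drifted away from the hoster's HTTPS endpoint.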
Thanks Jacob! Very much appreciated!!
Steve