Exchange 2010 Certificates - The Cheap Way

So, every now and then, I run into people that don't want to pay $80/year for a UCC / SAN Certificate for their exchange environment. While there are ways around this to put in a regular certificate, it's highly recommended to just get the UCC/SAN Cert.

If you do end up getting the cheap, one-domain name certificate, here's a few items you'll have to update through Exchange Management Shell. These will help make everything work more smoothly and prevent certificate / password prompting in Outlook:

Modify the Autodiscover URL in the Service Connection Point. The Service Connection Point is stored in the Active Directory directory service. (This one is missed the most) To modify this URL, type the following command, and then press ENTER:

Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceInternalUri https://mail.yourdomainname.com/autodiscover/autodiscover.xml

Modify the InternalUrl attribute of the EWS. To do this, type the following command, and then press ENTER:

Set-WebServicesVirtualDirectory -Identity "CAS_Server_Name\EWS (Default Web Site)" -InternalUrl https://mail.yourdomainname.com/ews/exchange.asmx

Modify the InternalUrl attribute for Web-based Offline Address Book distribution. To do this, type the following command, and then press ENTER:

Set-OABVirtualDirectory -Identity "CAS_Server_name\oab (Default Web Site)" -InternalUrl https://mail.yourdomainname.com/oab

Expand the local computer, and then expand Application Pools.

Right-click MSExchangeAutodiscoverAppPool, and then click Recycle.

And that should be all you need to do on the back end to get it working.