Menu
picture of tbs certificates
picture of tbs certificates
Certificates
Our products range
Partners
Support
Focus


Use Exchange with RPC over HTTPS

In the version 2003 of Exchange, a new kind of connection, named RPC over HTTPS, is introduced. It allows Outlook 2003 and higher to connect to an Exchange server on the internet and via a SSL-secured channel (HTTPS). Outlook (including the shared files) can then be used from anywhere.

Starting with Exchange 2007, Exchange brings the Autodiscover feature and the Client Access Server (CAS). Autodiscover allows a remote Outlook to discover the URLs that can be used to connect to the company server (on https://autodiscover.societe.fr/Autodiscover/Autodiscover.xml ). Microsoft recommends the use of UCC-compliant certificates to meet this need on Exchange 2007 and higher. On the other hand, if you only use the OWA functions of Exchange 2007, this is not is not necessary, see Exchange 2003. Translated with www.DeepL.com/Translator (free version)

The Sectigo SSL (Mobile) certificate is recommended for Exchange 2003 without ISA, and the Thawte Standard certificate for Exchange 2003 with ISA.

"Autodiscover" from Microsoft

AUTODISCOVER is an automatic configuration function linked to Microsoft Exchange 2007 and higher servers. Outlook 2007 and higher client software can use this automatic configuration functionality for the different services proposed by Microsoft Exchange servers (mailhost, IMAP, SMTP, OWA, Outlook Anywhere, ActiveSync, ...). To do so, Outlook looks for a configuration file in this order:
  • SCP (search in the Active Directory)
  • https://domain.fr/autodiscover/autodiscover.xml
  • https://autodiscover.domain.fr/autodiscover/autodiscover.xml
  • http://autodiscover.domain.fr/autodiscover/autodiscover.xml
  • SRV registreation _autodiscover._tcp.domain.fr
More info : Microsoft documentation

In order to secure functionalities linked to "AUTODISCOVER", according to the selected configuration, you'll have to add in your certificate all the enlisted or deployed FQDNs (hosts).
For example:

  • autodiscover.domain.com
  • mail.domain.com
  • activesync.domain.com

That is the reason why our multiple site / SANs certificates are perfectly suited to secure Microsoft Exchange servers. Moreover they can evolve via the addition of SANs during the certificate lifetime.

We provide 3-factor UCC server certificates (they identify the server owner) because it is mportant not to neglect your mail server security and to avoid any risk of phishing or Man In The Middle attack.

Useful links