JOIN OUR AFFILIATE NETWORK

Join our affiliate network and become a local SSL expert

♦ learn more about our program ♦
Menu
picture of tbs certificates
picture of tbs certificates
Certificates
Our products range
Partners
Support
Focus


Use Exchange with RPC over HTTPS

In the version 2003 of Exchange, a new kind of connection, named RPC over HTTPS, is introduced. It allows Outlook 2003 and higher to connect to an Exchange server on the internet and via a SSL-secured channel (HTTPS). Outlook (including the shared files) can then be used from anywhere.

Since the version 2007, Exchange benefits from the Autodiscover and the Client Access Server (CAS) functions. Autodiscover allows a distant Outlook to find URLs that can be used to get connected to the organization's server (https://autodiscover.organization.com/Autodiscover/Autodiscover.xml ). See also:
http://msexchangeteam.com/archive/2007/04/30/438249.aspx

Microsoft recommends UCC standard compatible certificates to answer those needs under Exchange 2007 (consult the list of certificates recommended by Microsoft). On the contrary, if you only use the OWA functions of Exchange 2007, it is not necessary, see Excahnge 2003.

The Sectigo SSL (Mobile) certificate is recommended for Exchange 2003 without ISA, and the Thawte Standard certificate for Exchange 2003 with ISA.

"Autodiscover" from Microsoft

AUTODISCOVER is an automatic configuration function linked to Microsoft Exchange 2007 and higher servers. Outlook 2007 and higher client software can use this automatic configuration functionality for the different services proposed by Microsoft Exchange servers (mailhost, IMAP, SMTP, OWA, Outlook Anywhere, ActiveSync, ...). To do so, Outlook looks for a configuration file in this order:
  • SCP (search in the Active Directory)
  • https://domain.fr/autodiscover/autodiscover.xml
  • https://autodiscover.domain.fr/autodiscover/autodiscover.xml
  • http://autodiscover.domain.fr/autodiscover/autodiscover.xml
  • SRV registreation _autodiscover._tcp.domain.fr
See Microsoft documentation here:
https://technet.microsoft.com/en-us/library/bb124251(v=exchg.160).aspx

In order to secure functionalities linked to "AUTODISCOVER", according to the selected configuration, you'll have to add in your certificate all the enlisted or deployed FQDNs (hosts).
For example:

  • autodiscover.domain.com
  • mail.domain.com
  • activsync.domain.com

That is the reason why our multiple site / SANs certificates are perfectly suited to secure Microsoft Exchange servers. Moreover they can evolve via the addition of SANs during the certificate lifetime.

We provide 3-factor UCC server certificates (they identify the server owner) because it is mportant not to neglect your mail server security and to avoid any risk of phishing or Man In The Middle attack.

Useful links