Exchange 2019 switching from self-signed to 3rd party certificate

Susan Dodds 321 Reputation points
2025-08-04T18:17:41.28+00:00

Exchange 2019 CU14. Office 2016/2019 Outlook profiles. Phone email client profiles.

Currently using a self-signed certificate.

Are there any known issues regarding the switch? Broken Outlook/phone client profiles, etc.? Or will Outlook and phone clients be able to pick up the changes automatically?

To confirm, for Exchange 2019 and Exchange Online, the certificate requires only these URLs?

autodiscover.contoso.com

mail.contoso.com/owa

Thanks


2 answers

  1. Scott Schnoll 0 Reputation points
    2025-08-05T00:44:59.7633333+00:00

    @Susan Dodds Yes, two namespaces (aka domains) are all you need in Exchange Server:

    autodiscover.contoso.com
    mail.contoso.com

    You can create a CSR for your CA using the Exchange Server 2019 EAC.


  2. Jade-T 3,445 Reputation points Microsoft External Staff Moderator
    2025-08-05T02:58:42.6366667+00:00

    Hi @Susan Dodds

    Thank you for reaching out. I understand your concern about the potential impact of switching from a self-signed certificate to a new one on your Exchange Server 2019 CU14 and I'm happy to help clear things up for you. 

    The good news is that this switch should not cause any issues with your existing Outlook or phone email client profiles; they will stay exactly as they are.

    The only thing users will notice is a one-time security alert the first time they connect after the new certificate is installed. This happens because the server now presents a different "identity" with the new certificate. To continue, users simply need to approve the new certificate when prompted. After that, everything should work exactly the same as before, with no need to recreate any profiles.

    Please keep in mind that clients won’t automatically trust the new certificate, so this manual approval step is necessary. 

    To make sure all Exchange services, like OWA, ActiveSync, and Autodiscover, work perfectly, the new certificate must include these two hostnames: 

    • autodiscover.contoso.com 
    • mail.contoso.com 

    Here’s a quick action plan to guide you through the process. For more detailed and reliable instructions, I highly recommend the official Microsoft documentation, which covers every step thoroughly. 

    • Create a Certificate Signing Request (CSR): You'll need to generate a new CSR on your Exchange Server to request a trusted SSL certificate from a Certificate Authority (CA). 
    • Purchase, Import, and Assign: Use the CSR to get a certificate from a trusted CA. Then, you'll import it and assign it to the necessary Exchange services (e.g., IIS, SMTP). 
    • Verify and Communicate: After assigning the new certificate, it’s important to verify the installation using the Microsoft Remote Connectivity Analyzer. Also, make sure to inform your users so they know to expect the security prompt when connecting after the switch. 

    For a step-by-step guide, I highly recommend the official Microsoft documentation. It’s super useful for managing certificates on Exchange: Certificate procedures in Exchange Server | Microsoft Learn 

    I hope this helps make the certificate switch process go smoothly! If you have any further questions or need additional assistance, please don’t hesitate to reach out.


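
The CSR, import, assign and verify steps from the answer above, written out for the Exchange Management Shell as an added example (not code from the thread or from the Microsoft documentation it links). The file paths, friendly name and subject fields are assumptions; the two hostnames are the ones named in the answers.

```powershell
# Run in the Exchange Management Shell on the Exchange 2019 server.
# Assumed values (not from the thread): paths, friendly name, subject fields.
$RequiredNames = 'mail.contoso.com', 'autodiscover.contoso.com'  # from the answers
$CsrPath  = 'C:\Certs\contoso.req'   # assumed: where the CSR is written
$CertPath = 'C:\Certs\contoso.p7b'   # assumed: file returned by the CA

# Step 1: create the CSR. The private key stays on this server as a
# pending request; only the request text is sent to the CA.
if (-not (Test-Path $CertPath)) {
    $csr = New-ExchangeCertificate -GenerateRequest `
        -FriendlyName 'Contoso Exchange (third-party CA)' `
        -SubjectName 'C=US,O=Contoso,CN=mail.contoso.com' `
        -DomainName $RequiredNames `
        -PrivateKeyExportable $true
    [System.IO.File]::WriteAllBytes($CsrPath,
        [System.Text.Encoding]::Unicode.GetBytes($csr))
    Write-Host "CSR written to $CsrPath. Submit it to the CA, save the reply as $CertPath, then rerun."
    return
}

# Step 2: import the CA's reply to complete the pending request.
$imported = Import-ExchangeCertificate `
    -FileData ([System.IO.File]::ReadAllBytes($CertPath))
$cert = Get-ExchangeCertificate -Thumbprint $imported.Thumbprint

# Step 3: refuse to assign a certificate that would break clients.
# Exact-name match only: a wildcard certificate needs a different check.
$names   = $cert.CertificateDomains | ForEach-Object { $_.ToString() }
$missing = $RequiredNames | Where-Object { $names -notcontains $_ }
if ($missing) { throw "Certificate lacks required names: $($missing -join ', ')" }
if ($cert.IsSelfSigned)       { throw 'Imported certificate is self-signed.' }
if (-not $cert.HasPrivateKey) { throw 'No private key: import on the server that created the CSR.' }
if ($cert.Status -ne 'Valid') { throw "Certificate status is $($cert.Status), expected Valid." }

# Step 4: assign to the services named in the answer (IIS, SMTP).
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services IIS,SMTP

# Step 5: confirm the assignment and note the expiry date for renewal.
Get-ExchangeCertificate -Thumbprint $cert.Thumbprint |
    Format-List Subject, CertificateDomains, Services, NotAfter, Status
```

The local checks in step 3 only cover what the server holds; the external test with the Microsoft Remote Connectivity Analyzer mentioned in the answer is still needed to confirm what clients actually see.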

