How to configure autodiscover for multiple domains using one SSL certificate


You may need to configure autodiscover for multiple domains, but only wish to maintain one SSL certificate. This article describes how to do this. You will need the following:

1) Spare IP address. You need an IP address that IIS can listen to that will not respond to SSL.
2) A valid SSL certificate which is being used for delivering autodiscover already. So you would need https://[domain].tld/autodiscover/autodiscover.xml or https://autodiscover.[domain].tld/autodiscover/autodiscover.xml already working. This article does not describe how to get the initial one working.


One time steps to set it up:

1) Create an A record for a domain on the server, it does not matter what it is, but it is easier to make it meaningful, such as redirect.[domain].tld, and have it one that you won't need to change, so not a customers domain that may move. Point this A record to the spare IP address.
2) Create a new website under IIS.
3) Create a site binding to the A record which was created, and to the spare IP address you have. Listen only on port 80. You do not want the domain answering to any SSL requests, as this will generate an SSL warning.
4) Redirect the site using a 302 HTTP Redirect to the full SSL autodiscover URL you have working on the server.

When you wish to add a new domain to be autodiscovered:

1) Create a CNAME record in your DNS for autodiscover.[domain].tld to point to the A record you created earlier.

When users now try to autodiscover their settings, they will not be warned that the SSL certificate does not match, but they will be asked if they want the website to configure their server settings.

Class:HOWTO: Product Instructions
Revised:Monday, July 23, 2018