Autodiscover is a surprisingly complex little protocol. You never get a certificate or warning error, because with Office 365, you never connect to the provided domain name.
When Outlook (or a mobile client) attempts to connect to autodiscover.example.com over SSL, they can't. The connection is denied. This tells the autodiscover protocol that it needs to redirect its request to a different host. It gets the different hostname by connecting to autodiscover.example.com directly over port 80 (no credentials - just a custom request that says "tell me who to connect to"). Autodiscover then connects to that site - which must be an SSL site and have a valid SSL certificate. The above is very simplified. If you want the TL;DR details, see: http://msdn.microsoft.com/en-us/library/ee332364(v=exchg.140).aspx From: [email protected] [mailto:[email protected]] On Behalf Of Matthew Topper Sent: Wednesday, January 28, 2015 8:00 AM To: [email protected] Subject: [Exchange] Office365 and Autodiscover I'm wondering if someone on this list can help with a question I have on Office365: Why isn't there a certificate error when I point the autodiscover CNAME to autodiscover.outlook.com? I think I'm missing something with how Office365 works, since I know I run into problems under normal circumstances when 'autodiscover.example.com' isn't in the certificate on the Exchange server, but how can Office 365 handle that? Matthew Topper
