someITGuy
asked on
Replacing a self-signed certificate
I get this message when I run Exchange 2007 SP3 BPA:
The SSL certificate for 'https://xxxxx.xxxx.xxx/EWS/Exchange.asmx' is self-signed. It does not provide any of the security guarantees provided by authority-signed or trusted certificates. It is strongly recommended that you install an authority-signed or trusted certificate.
I get the same error for the Autodiscover, Microsoft-Server-ActiveSyn c & Service certificates.
I do have a certificate from Verisign for OWA only, do I need I need a certificate for each of these 4 other self-signed certificates or can I use one certificate for all of them?
What is the proceedure for moving from a self-signed to a commercial certificate?
TIA
The SSL certificate for 'https://xxxxx.xxxx.xxx/EWS/Exchange.asmx' is self-signed. It does not provide any of the security guarantees provided by authority-signed or trusted certificates. It is strongly recommended that you install an authority-signed or trusted certificate.
I get the same error for the Autodiscover, Microsoft-Server-ActiveSyn
I do have a certificate from Verisign for OWA only, do I need I need a certificate for each of these 4 other self-signed certificates or can I use one certificate for all of them?
What is the proceedure for moving from a self-signed to a commercial certificate?
TIA
ASKER
I am on Exchange 2007, about to migrate users from a Exchange 2003 environment. I have a fair amount of OWA users, the other services are lightly used at this point.
So do I need to get a cert for each of these 4 services or will one cert handle them all without certificate errors?
So do I need to get a cert for each of these 4 services or will one cert handle them all without certificate errors?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Actually my OWA cert says owa.mydomain.com
Do I need a cert with the actual server name or will smtp.mydomain.com or mail.mydomain.com suffice since both will point to the frontend server (via a reverse proxy)?
Do I need a cert with the actual server name or will smtp.mydomain.com or mail.mydomain.com suffice since both will point to the frontend server (via a reverse proxy)?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
How about if I have 2 CAS servers, each one needs a unique certificate to handle SSL, correct?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
How many users are using the services externally?(Activesync, HTTP over RPC, etc.) They'll reconnect to get the new certificate.