[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 529
  • Last Modified:

Exchange Server 2010 with a self-signed certificate

I am in the process of an Exchange Server 2003 to Exchange Server 2010 migration. Thanks to Experts-Exchange most everything went well... until now. The customer does not have an external certificate for me to import and wants to use a self-signed certificate.  Every other Transition/Migration I have done the customer has had the external certificate and I would import it into Exchange Server.  I have several concerns
     •  If I use a self-signed certificate will BlackBerry and smart phone users be able to get their email?
     •  Has anyone installed and set up an Enterprise Certificate Authority, will it affect any other servers?
     •  Can a self-signed certificate be exported from Exchange 2010 and imported into the ISA server?

Any comments or help will be greatly appreciated.
0
boscia
Asked:
boscia
  • 2
  • 2
  • 2
  • +1
1 Solution
 
Deepu ChowdaryCommented:
First of all, Both certificates will generate a site that cannot be read by third-parties.
The data sent over an https connection or SSL, will be encrypted regardless of whether the certificate is signed or self-signed.
In other words, both types of certificates will encrypt the data to create a secure website.

A certificate authority tells your customers that this server information has been verified by a trusted source.

check out this once.
0
 
bosciaAuthor Commented:
That is good to know, but this is not for an ecommerace web site. I am I worried that since the certificate is not generated by a third party the Blackberry and Smartphone users will not be able to get their email. If this certificate is self-signed will their be any problems with retrieving email on these devices.
0
 
Deepu ChowdaryCommented:
Hmm afaik, the mail communication will not be affected to mobile devices if it was a self signed certificate. Just it wont be that much secured as a CA will be..
Offcourse secured data transmission is a need these days :)
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
penguinjasCommented:
  •  If I use a self-signed certificate will BlackBerry and smart phone users be able to get their email?
(They will still connect, user will be notified it's not a trusted cert traffic will be encrypted.)

     •  Has anyone installed and set up an Enterprise Certificate Authority, will it affect any other servers? ( I use an Enterprise CA and I used this to generate my self-signed certificate for my Exchange server.  I've had no issues with other servers. )

     •  Can a self-signed certificate be exported from Exchange 2010 and imported into the ISA server?
(I haven't tried to use the self signed.  I purchased an SSL certificate and used it on the ISA server, not on the Exchange server.)
0
 
Malli BoppeCommented:
With Iphones you çan setup so that you don't get certificate prompts but with other devices. if you install the selfsigned certs  then you might not get certificate prompts.
You can use Internal CA but would be lot of work for you.


They might pay more for you to setup the Internal CA then to buy a SAN cert.
0
 
bosciaAuthor Commented:
Hopefully this is the last question.

Requesting a new certificate in Exchange is easy.. Now I am into the Certificate Authority and I think I might have an issue. The customer does NOT want an offline CA. He does not feel the benifits are worth it. So I went ahead and installed an Enterprise CA on a Windows 2008 Standard server. Everything went well until I went to the CA server website to submit a certificate request and I did not have access to the Web Server Template. From what I am reading I would not have access to this template because it is not Enterprise or Datacenter edition. Am I correct? If so what are my options?

thank you
0
 
penguinjasCommented:
I believe you need the Enterprise version of server software, not Standard.  If you install on Standard it becomes a Standalone CA.
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

  • 2
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now