Solved

Exchange Server 2010 with a self-signed certificate

Posted on 2011-09-29
7
521 Views
Last Modified: 2012-05-12
I am in the process of an Exchange Server 2003 to Exchange Server 2010 migration. Thanks to Experts-Exchange most everything went well... until now. The customer does not have an external certificate for me to import and wants to use a self-signed certificate.  Every other Transition/Migration I have done the customer has had the external certificate and I would import it into Exchange Server.  I have several concerns
     •  If I use a self-signed certificate will BlackBerry and smart phone users be able to get their email?
     •  Has anyone installed and set up an Enterprise Certificate Authority, will it affect any other servers?
     •  Can a self-signed certificate be exported from Exchange 2010 and imported into the ISA server?

Any comments or help will be greatly appreciated.
0
Comment
Question by:boscia
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 12

Expert Comment

by:Deepu Chowdary
ID: 36817694
First of all, Both certificates will generate a site that cannot be read by third-parties.
The data sent over an https connection or SSL, will be encrypted regardless of whether the certificate is signed or self-signed.
In other words, both types of certificates will encrypt the data to create a secure website.

A certificate authority tells your customers that this server information has been verified by a trusted source.

check out this once.
0
 

Author Comment

by:boscia
ID: 36817824
That is good to know, but this is not for an ecommerace web site. I am I worried that since the certificate is not generated by a third party the Blackberry and Smartphone users will not be able to get their email. If this certificate is self-signed will their be any problems with retrieving email on these devices.
0
 
LVL 12

Expert Comment

by:Deepu Chowdary
ID: 36818061
Hmm afaik, the mail communication will not be affected to mobile devices if it was a self signed certificate. Just it wont be that much secured as a CA will be..
Offcourse secured data transmission is a need these days :)
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 6

Accepted Solution

by:
penguinjas earned 500 total points
ID: 36818198
  •  If I use a self-signed certificate will BlackBerry and smart phone users be able to get their email?
(They will still connect, user will be notified it's not a trusted cert traffic will be encrypted.)

     •  Has anyone installed and set up an Enterprise Certificate Authority, will it affect any other servers? ( I use an Enterprise CA and I used this to generate my self-signed certificate for my Exchange server.  I've had no issues with other servers. )

     •  Can a self-signed certificate be exported from Exchange 2010 and imported into the ISA server?
(I haven't tried to use the self signed.  I purchased an SSL certificate and used it on the ISA server, not on the Exchange server.)
0
 
LVL 23

Expert Comment

by:Malli Boppe
ID: 36889958
With Iphones you çan setup so that you don't get certificate prompts but with other devices. if you install the selfsigned certs  then you might not get certificate prompts.
You can use Internal CA but would be lot of work for you.


They might pay more for you to setup the Internal CA then to buy a SAN cert.
0
 

Author Comment

by:boscia
ID: 36892965
Hopefully this is the last question.

Requesting a new certificate in Exchange is easy.. Now I am into the Certificate Authority and I think I might have an issue. The customer does NOT want an offline CA. He does not feel the benifits are worth it. So I went ahead and installed an Enterprise CA on a Windows 2008 Standard server. Everything went well until I went to the CA server website to submit a certificate request and I did not have access to the Web Server Template. From what I am reading I would not have access to this template because it is not Enterprise or Datacenter edition. Am I correct? If so what are my options?

thank you
0
 
LVL 6

Expert Comment

by:penguinjas
ID: 36893077
I believe you need the Enterprise version of server software, not Standard.  If you install on Standard it becomes a Standalone CA.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question