Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Exchange Server 2010 with a self-signed certificate

Posted on 2011-09-29
7
Medium Priority
?
527 Views
Last Modified: 2012-05-12
I am in the process of an Exchange Server 2003 to Exchange Server 2010 migration. Thanks to Experts-Exchange most everything went well... until now. The customer does not have an external certificate for me to import and wants to use a self-signed certificate.  Every other Transition/Migration I have done the customer has had the external certificate and I would import it into Exchange Server.  I have several concerns
     •  If I use a self-signed certificate will BlackBerry and smart phone users be able to get their email?
     •  Has anyone installed and set up an Enterprise Certificate Authority, will it affect any other servers?
     •  Can a self-signed certificate be exported from Exchange 2010 and imported into the ISA server?

Any comments or help will be greatly appreciated.
0
Comment
Question by:boscia
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 12

Expert Comment

by:Deepu Chowdary
ID: 36817694
First of all, Both certificates will generate a site that cannot be read by third-parties.
The data sent over an https connection or SSL, will be encrypted regardless of whether the certificate is signed or self-signed.
In other words, both types of certificates will encrypt the data to create a secure website.

A certificate authority tells your customers that this server information has been verified by a trusted source.

check out this once.
0
 

Author Comment

by:boscia
ID: 36817824
That is good to know, but this is not for an ecommerace web site. I am I worried that since the certificate is not generated by a third party the Blackberry and Smartphone users will not be able to get their email. If this certificate is self-signed will their be any problems with retrieving email on these devices.
0
 
LVL 12

Expert Comment

by:Deepu Chowdary
ID: 36818061
Hmm afaik, the mail communication will not be affected to mobile devices if it was a self signed certificate. Just it wont be that much secured as a CA will be..
Offcourse secured data transmission is a need these days :)
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 6

Accepted Solution

by:
penguinjas earned 2000 total points
ID: 36818198
  •  If I use a self-signed certificate will BlackBerry and smart phone users be able to get their email?
(They will still connect, user will be notified it's not a trusted cert traffic will be encrypted.)

     •  Has anyone installed and set up an Enterprise Certificate Authority, will it affect any other servers? ( I use an Enterprise CA and I used this to generate my self-signed certificate for my Exchange server.  I've had no issues with other servers. )

     •  Can a self-signed certificate be exported from Exchange 2010 and imported into the ISA server?
(I haven't tried to use the self signed.  I purchased an SSL certificate and used it on the ISA server, not on the Exchange server.)
0
 
LVL 23

Expert Comment

by:Malli Boppe
ID: 36889958
With Iphones you çan setup so that you don't get certificate prompts but with other devices. if you install the selfsigned certs  then you might not get certificate prompts.
You can use Internal CA but would be lot of work for you.


They might pay more for you to setup the Internal CA then to buy a SAN cert.
0
 

Author Comment

by:boscia
ID: 36892965
Hopefully this is the last question.

Requesting a new certificate in Exchange is easy.. Now I am into the Certificate Authority and I think I might have an issue. The customer does NOT want an offline CA. He does not feel the benifits are worth it. So I went ahead and installed an Enterprise CA on a Windows 2008 Standard server. Everything went well until I went to the CA server website to submit a certificate request and I did not have access to the Web Server Template. From what I am reading I would not have access to this template because it is not Enterprise or Datacenter edition. Am I correct? If so what are my options?

thank you
0
 
LVL 6

Expert Comment

by:penguinjas
ID: 36893077
I believe you need the Enterprise version of server software, not Standard.  If you install on Standard it becomes a Standalone CA.
0

Featured Post

Tech or Treat!

Submit an article about your scariest tech experience—and the solution—and you’ll be automatically entered to win one of 4 fantastic tech gadgets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
As much as Microsoft wants to kill off PST file support, just as they tried to do with public folders, there are still times when it is useful or downright necessary to export Exchange mailboxes to PST files. Thankfully, it is still possible to e…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question