Solved

Exchange Server 2010 with a self-signed certificate

Posted on 2011-09-29
7
520 Views
Last Modified: 2012-05-12
I am in the process of an Exchange Server 2003 to Exchange Server 2010 migration. Thanks to Experts-Exchange most everything went well... until now. The customer does not have an external certificate for me to import and wants to use a self-signed certificate.  Every other Transition/Migration I have done the customer has had the external certificate and I would import it into Exchange Server.  I have several concerns
     •  If I use a self-signed certificate will BlackBerry and smart phone users be able to get their email?
     •  Has anyone installed and set up an Enterprise Certificate Authority, will it affect any other servers?
     •  Can a self-signed certificate be exported from Exchange 2010 and imported into the ISA server?

Any comments or help will be greatly appreciated.
0
Comment
Question by:boscia
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 12

Expert Comment

by:Deepu Chowdary
ID: 36817694
First of all, Both certificates will generate a site that cannot be read by third-parties.
The data sent over an https connection or SSL, will be encrypted regardless of whether the certificate is signed or self-signed.
In other words, both types of certificates will encrypt the data to create a secure website.

A certificate authority tells your customers that this server information has been verified by a trusted source.

check out this once.
0
 

Author Comment

by:boscia
ID: 36817824
That is good to know, but this is not for an ecommerace web site. I am I worried that since the certificate is not generated by a third party the Blackberry and Smartphone users will not be able to get their email. If this certificate is self-signed will their be any problems with retrieving email on these devices.
0
 
LVL 12

Expert Comment

by:Deepu Chowdary
ID: 36818061
Hmm afaik, the mail communication will not be affected to mobile devices if it was a self signed certificate. Just it wont be that much secured as a CA will be..
Offcourse secured data transmission is a need these days :)
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 
LVL 6

Accepted Solution

by:
penguinjas earned 500 total points
ID: 36818198
  •  If I use a self-signed certificate will BlackBerry and smart phone users be able to get their email?
(They will still connect, user will be notified it's not a trusted cert traffic will be encrypted.)

     •  Has anyone installed and set up an Enterprise Certificate Authority, will it affect any other servers? ( I use an Enterprise CA and I used this to generate my self-signed certificate for my Exchange server.  I've had no issues with other servers. )

     •  Can a self-signed certificate be exported from Exchange 2010 and imported into the ISA server?
(I haven't tried to use the self signed.  I purchased an SSL certificate and used it on the ISA server, not on the Exchange server.)
0
 
LVL 23

Expert Comment

by:Malli Boppe
ID: 36889958
With Iphones you çan setup so that you don't get certificate prompts but with other devices. if you install the selfsigned certs  then you might not get certificate prompts.
You can use Internal CA but would be lot of work for you.


They might pay more for you to setup the Internal CA then to buy a SAN cert.
0
 

Author Comment

by:boscia
ID: 36892965
Hopefully this is the last question.

Requesting a new certificate in Exchange is easy.. Now I am into the Certificate Authority and I think I might have an issue. The customer does NOT want an offline CA. He does not feel the benifits are worth it. So I went ahead and installed an Enterprise CA on a Windows 2008 Standard server. Everything went well until I went to the CA server website to submit a certificate request and I did not have access to the Web Server Template. From what I am reading I would not have access to this template because it is not Enterprise or Datacenter edition. Am I correct? If so what are my options?

thank you
0
 
LVL 6

Expert Comment

by:penguinjas
ID: 36893077
I believe you need the Enterprise version of server software, not Standard.  If you install on Standard it becomes a Standalone CA.
0

Featured Post

Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Change local account password via GPO? 34 71
Mail Exchanger (MX) Record 5 41
Exchange 2016 2 37
office 365 5 23
Find out what you should include to make the best professional email signature for your organization.
This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question