Solved

Exchange Server 2010 with a self-signed certificate

Posted on 2011-09-29
7
518 Views
Last Modified: 2012-05-12
I am in the process of an Exchange Server 2003 to Exchange Server 2010 migration. Thanks to Experts-Exchange most everything went well... until now. The customer does not have an external certificate for me to import and wants to use a self-signed certificate.  Every other Transition/Migration I have done the customer has had the external certificate and I would import it into Exchange Server.  I have several concerns
     •  If I use a self-signed certificate will BlackBerry and smart phone users be able to get their email?
     •  Has anyone installed and set up an Enterprise Certificate Authority, will it affect any other servers?
     •  Can a self-signed certificate be exported from Exchange 2010 and imported into the ISA server?

Any comments or help will be greatly appreciated.
0
Comment
Question by:boscia
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 12

Expert Comment

by:Deepu Chowdary
ID: 36817694
First of all, Both certificates will generate a site that cannot be read by third-parties.
The data sent over an https connection or SSL, will be encrypted regardless of whether the certificate is signed or self-signed.
In other words, both types of certificates will encrypt the data to create a secure website.

A certificate authority tells your customers that this server information has been verified by a trusted source.

check out this once.
0
 

Author Comment

by:boscia
ID: 36817824
That is good to know, but this is not for an ecommerace web site. I am I worried that since the certificate is not generated by a third party the Blackberry and Smartphone users will not be able to get their email. If this certificate is self-signed will their be any problems with retrieving email on these devices.
0
 
LVL 12

Expert Comment

by:Deepu Chowdary
ID: 36818061
Hmm afaik, the mail communication will not be affected to mobile devices if it was a self signed certificate. Just it wont be that much secured as a CA will be..
Offcourse secured data transmission is a need these days :)
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 6

Accepted Solution

by:
penguinjas earned 500 total points
ID: 36818198
  •  If I use a self-signed certificate will BlackBerry and smart phone users be able to get their email?
(They will still connect, user will be notified it's not a trusted cert traffic will be encrypted.)

     •  Has anyone installed and set up an Enterprise Certificate Authority, will it affect any other servers? ( I use an Enterprise CA and I used this to generate my self-signed certificate for my Exchange server.  I've had no issues with other servers. )

     •  Can a self-signed certificate be exported from Exchange 2010 and imported into the ISA server?
(I haven't tried to use the self signed.  I purchased an SSL certificate and used it on the ISA server, not on the Exchange server.)
0
 
LVL 23

Expert Comment

by:Malli Boppe
ID: 36889958
With Iphones you çan setup so that you don't get certificate prompts but with other devices. if you install the selfsigned certs  then you might not get certificate prompts.
You can use Internal CA but would be lot of work for you.


They might pay more for you to setup the Internal CA then to buy a SAN cert.
0
 

Author Comment

by:boscia
ID: 36892965
Hopefully this is the last question.

Requesting a new certificate in Exchange is easy.. Now I am into the Certificate Authority and I think I might have an issue. The customer does NOT want an offline CA. He does not feel the benifits are worth it. So I went ahead and installed an Enterprise CA on a Windows 2008 Standard server. Everything went well until I went to the CA server website to submit a certificate request and I did not have access to the Web Server Template. From what I am reading I would not have access to this template because it is not Enterprise or Datacenter edition. Am I correct? If so what are my options?

thank you
0
 
LVL 6

Expert Comment

by:penguinjas
ID: 36893077
I believe you need the Enterprise version of server software, not Standard.  If you install on Standard it becomes a Standalone CA.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
how to add IIS SMTP to handle application/Scanner relays into office 365.
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now