Solved

Exchange 2010 SSL offloading and binding to services on CAS

Posted on 2013-11-14
Last Modified: 2016-10-25
Good Morning,

We are planning on utilizing SSL offloading so we can leverage our NetScaler load balancers for SSL termination. A question I have is: once I receive my 3rd-party certificate and install it on the 2010 CAS servers, is it necessary to bind it to any services? My gut feeling says no, as I will need to make changes to the IIS virtual directories and turn off SSL. However, since Exchange installs a self-signed cert which binds itself, will Outlook clients receive security warning notifications about the self-signed cert? I do know that until the 3rd-party cert is installed users will receive these warnings; however, in order for those warnings to go away, does the cert need to be bound as well? Any information would be appreciated!

Thanks!
0
Question by:mkllpit
7 Comments
 
LVL 9

Expert Comment

by:David Carr
ID: 39648412
The Exchange self-signed certificate is bound to the IMAP, POP, IIS and SMTP services. You can see this by typing Get-ExchangeCertificate | fl at the Exchange Management Shell prompt.

To avoid clients getting prompts because of the untrusted self-signed certificates, you can disable the transport service immediately after installing Exchange.


I would recommend looking at http://social.technet.microsoft.com/wiki/contents/articles/1267.how-to-configure-ssl-offloading-in-exchange-2010.aspx
0
 

Author Comment

by:mkllpit
ID: 39648434
Thanks. I have looked at that document already. My CAS servers are actually CAS/HT servers, so I don't think disabling the Transport service will ultimately help.
0
 
LVL 9

Expert Comment

by:David Carr
ID: 39648461
I have disabled the transport service on our CAS/HT servers during the transition from the self-signed to the 3rd-party certificate, and it stopped the Outlook clients from connecting and getting prompts.
0

 

Author Comment

by:mkllpit
ID: 39648483
Ok, so do I still have to bind the 3rd-party cert, or will simply installing it prevent the prompts? It doesn't make much sense to bind them considering they won't be used on the CAS?
0
 
LVL 9

Accepted Solution

by:
David Carr earned 500 total points
ID: 39648519
We have bound IIS and SMTP to the 3rd-party certificates so that the self-signed certificate did not use that and we would not be impacted when those expired. I would still suggest binding the 3rd-party cert to IIS and SMTP.
0
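The binding recommended in the accepted answer, sketched for the Exchange Management Shell as an added example that is not part of the original thread. The thumbprint is a placeholder and the 30-day expiry window is an assumption; -DoNotRequireSsl is included because SSL is being terminated on the load balancer.

```powershell
# Added example; run in the Exchange Management Shell on each CAS/HT server.
# Placeholder: paste the thumbprint shown for your 3rd-party certificate.
$thumbprint = '<THIRD-PARTY-CERT-THUMBPRINT>'

# 1. List every certificate with its bound services and expiry date.
Get-ExchangeCertificate |
    Sort-Object NotAfter |
    Format-List Thumbprint, Subject, IsSelfSigned, Services, NotAfter

# 2. Bind the 3rd-party certificate to IIS and SMTP.
#    -DoNotRequireSsl keeps the cmdlet from turning "Require SSL" back on for
#    the Default Web Site, which would break an SSL-offloading setup.
#    Expect a prompt asking whether to replace the default SMTP certificate.
Enable-ExchangeCertificate -Thumbprint $thumbprint -Services 'IIS,SMTP' -DoNotRequireSsl

# 3. Confirm the 3rd-party certificate now carries both services.
$bound = Get-ExchangeCertificate -Thumbprint $thumbprint
foreach ($svc in 'IIS', 'SMTP') {
    if ("$($bound.Services)" -notmatch $svc) {
        Write-Warning "3rd-party certificate is not bound to $svc"
    }
}

# 4. Report certificates that still need attention:
#    - a self-signed certificate that still holds IIS (the binding did not move)
#    - any certificate with services assigned that expires within 30 days
#      (30 days is an assumed window; adjust to your renewal process)
# A self-signed certificate may still list SMTP after step 2; more than one
# certificate can be enabled for SMTP, so that alone is not flagged here.
$soon = (Get-Date).AddDays(30)
Get-ExchangeCertificate |
    Where-Object {
        $services = "$($_.Services)"
        ($_.IsSelfSigned -and $services -match 'IIS') -or
        ($services -ne 'None' -and $_.NotAfter -lt $soon)
    } |
    Select-Object Thumbprint, Subject, IsSelfSigned, Services, NotAfter
```

An empty result from step 4 means no self-signed certificate is serving IIS and nothing bound to a service is about to expire.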
 

Author Comment

by:mkllpit
ID: 39648525
Ok... I guess it can't hurt.  Thanks so much for your assistance!
0
 
LVL 9

Expert Comment

by:David Carr
ID: 39648567
Glad to be able to help.
0
