Solved

Exchange 2010 Mailbox servers certificate:

Posted on 2013-11-22
Last Modified: 2013-11-28
Among our Exchange 2010 servers that have mailbox roles,
I see that one of the servers has 2 certificates. One seems to be issued by a CA that belongs to the domain, because the issuer server is a member of our domain.
There is another certificate for the same Exchange server, issued by the Exchange server itself.

The other mailbox server does not have any certificate.

I wonder if that's something I should worry about, or if that's only the debris left from the initial install of the Exchange servers?


Thanks
0
Question by:jskfan
 
LVL 37

Assisted Solution

by:Mahesh
Mahesh earned 500 total points
ID: 39670464
Do you have any other roles installed on the mailbox server (CAS \ HUB)?
If yes,
check the SAN names in the certificate issued by the domain CA, whether it is using live URLs and whether any Exchange service is assigned to it.
You can remove \ ignore it if no Exchange service is assigned to it.

If only the Mailbox server role is installed, then you do not have to worry;
leave the self-signed certificate as it is.

Mahesh
0
 

Author Comment

by:jskfan
ID: 39670525
<<If this is only mailbox server role installed then you do not have to worry
leave self signed certificate as it is.>>

Yes... it has the Mailbox role only.
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39670611
Exchange 2010 mailbox servers do not require any certificate.
I don't see any good reason to keep a domain CA based certificate on an Exchange mailbox server.

Some Exchange administrators recommend not deleting the self-signed certificate issued by Exchange, regardless of server role.

Mahesh
0
 

Author Comment

by:jskfan
ID: 39673099
<<<Some exchange administrators recommends not to delete self signed certificate issued by exchange regardless of server role.>>>

What would happen if the self-signed certificate gets deleted?
0
 
LVL 37

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39673920
At this point in time I have not found any MS documentation regarding the impact of deleting the self-signed certificate from an Exchange 2010 mailbox server.
Ideally, CAS, Hub and Edge Exchange servers do require a certificate.
Still, I suggest that you do not delete that self-signed certificate.

Please find below a comment from the online MS documentation:
By default, Exchange installs a default self-signed certificate so that all network communication is encrypted. Encrypting all network communication requires that every Exchange server have an X.509 certificate that it can use.
“Self-signed” means that a certificate was created and signed only by the Exchange server itself and trusted by other Exchange servers in the same organization.
Check the "Default Exchange certificate" topic under the link below:
http://technet.microsoft.com/en-us/library/dd351044(v=exchg.141).aspx

In the case of Exchange 2013 mailbox servers, you require a self-signed certificate in order to communicate with CAS. Check the post below:
http://howexchangeworks.com/2013/07/exchange-2013-certificate-on-mailbox-role.html

Hope that helps
Mahesh
0
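
The checks discussed in this thread (installed roles, self-signed versus CA-issued, SAN names, assigned services) can be gathered in one pass from the Exchange Management Shell. This is an added example, not part of the original posts; it assumes Exchange 2010 cmdlets are loaded, and the `Note` wording is an illustration of the advice given above.

```powershell
# Added example: inventory certificates on every server holding the Mailbox role.
# Uses New-Object rather than [pscustomobject] so it also runs on PowerShell 2.0.
$mailboxServers = Get-ExchangeServer | Where-Object { $_.ServerRole -match 'Mailbox' }

$report = foreach ($server in $mailboxServers) {
    $certs = @(Get-ExchangeCertificate -Server $server.Name)

    if ($certs.Count -eq 0) {
        # Keep servers with no certificate visible in the report.
        New-Object PSObject -Property @{
            Server = $server.Name; Roles = $server.ServerRole; Thumbprint = ''
            Issuer = ''; SelfSigned = ''; Services = ''; SANs = ''; NotAfter = ''
            Note = 'No certificate returned for this server'
        }
        continue
    }

    foreach ($cert in $certs) {
        # Services is a flags value; 'None' means no Exchange service uses the cert.
        $noServices = ($cert.Services.ToString() -eq 'None')
        if ($cert.IsSelfSigned) {
            $note = 'Self-signed: the thread advises leaving it in place'
        } elseif ($noServices) {
            $note = 'CA-issued, no Exchange service assigned: review its SAN names'
        } else {
            $note = 'CA-issued and assigned to services: in use'
        }
        New-Object PSObject -Property @{
            Server     = $server.Name
            Roles      = $server.ServerRole
            Thumbprint = $cert.Thumbprint
            Issuer     = $cert.Issuer
            SelfSigned = $cert.IsSelfSigned
            Services   = $cert.Services
            SANs       = ($cert.CertificateDomains -join ', ')
            NotAfter   = $cert.NotAfter
            Note       = $note
        }
    }
}

$report |
    Select-Object Server, Roles, Thumbprint, Issuer, SelfSigned, Services, SANs, NotAfter, Note |
    Format-List
```

The script only reads configuration; it does not remove or change any certificate.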
 

Author Closing Comment

by:jskfan
ID: 39684208
Well explained. Thank you.
0
