Solved

Exchange 2010 Mailbox servers certificate:

Posted on 2013-11-22
Last Modified: 2013-11-28
In our Exchange 2010 servers that have mailbox roles, I see that one of the servers has 2 certificates. One seems to be issued by a CA that belongs to the domain, because the issuer server is a member of our domain.
There is another certificate for the same Exchange server, issued by the Exchange server itself.

The other mailbox server does not have any certificate.

I wonder if that's something I should worry about, or if that's only debris left from the initial install of the Exchange servers?


Thanks
Question by:jskfan

Assisted Solution

by:Mahesh
ID: 39670464
Do you have any other roles installed on the mailbox server (CAS \ HUB)?
If yes,
check the SAN names in the certificate issued by the domain CA to see if it is using live URLs and if any Exchange service is assigned to it.
You can remove \ ignore it if no Exchange service is assigned to it.

If this is the only role installed (mailbox server role), then you do not have to worry;
leave the self-signed certificate as it is.

Mahesh
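
The check described in this answer (issuer, SAN names and assigned services, per mailbox server), as an added example that is not part of the original thread. It assumes the Exchange Management Shell is loaded; the wording of the `Note` column is this example's own reading of the answer, and the script only reads and reports.

```powershell
# Added example: read-only inventory of certificates on Exchange mailbox servers.
# Assumes the Exchange Management Shell (Get-ExchangeServer, Get-ExchangeCertificate).
$now = Get-Date
$columns = 'Server','Roles','SelfSigned','Services','Domains','Issuer','NotAfter','Thumbprint','Note'

$report = foreach ($server in (Get-ExchangeServer | Where-Object { $_.IsMailboxServer })) {
    $roles = "$($server.ServerRole)"   # e.g. "Mailbox" or "Mailbox, ClientAccess, HubTransport"
    $certs = @(Get-ExchangeCertificate -Server $server.Name)

    if ($certs.Count -eq 0) {
        # Same situation as the second server in the question: nothing listed.
        New-Object PSObject -Property @{
            Server = $server.Name; Roles = $roles; SelfSigned = ''; Services = ''
            Domains = ''; Issuer = ''; NotAfter = ''; Thumbprint = ''
            Note = 'No Exchange certificate found'
        }
        continue
    }

    foreach ($cert in $certs) {
        $services = "$($cert.Services)"   # "None" when no Exchange service is bound
        $note = if ($cert.NotAfter -lt $now) {
            'Expired'
        } elseif ($cert.IsSelfSigned) {
            'Self-signed: leave in place, per the answer'
        } elseif ($services -eq 'None') {
            'CA-issued, no service assigned: review'
        } else {
            'CA-issued, in use: check SAN names against live URLs'
        }
        New-Object PSObject -Property @{
            Server     = $server.Name
            Roles      = $roles
            SelfSigned = $cert.IsSelfSigned
            Services   = $services
            Domains    = ($cert.CertificateDomains -join ', ')   # SAN names
            Issuer     = $cert.Issuer
            NotAfter   = $cert.NotAfter
            Thumbprint = $cert.Thumbprint
            Note       = $note
        }
    }
}

$report | Select-Object $columns | Format-List
```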

Author Comment

by:jskfan
ID: 39670525
<<If this is only mailbox server role installed then you do not have to worry
leave self signed certificate as it is.>>

Yes, it has the Mailbox role only.

Expert Comment

by:Mahesh
ID: 39670611
Exchange 2010 mailbox servers do not require any certificate.
I don't see any good reason to keep a domain CA based certificate on an Exchange mailbox server.

Some Exchange administrators recommend not deleting the self-signed certificate issued by Exchange regardless of server role.

Mahesh

Author Comment

by:jskfan
ID: 39673099
<<<Some exchange administrators recommends not to delete self signed certificate issued by exchange regardless of server role.>>>

What would happen if the self-signed certificate gets deleted?

Accepted Solution

by:Mahesh
ID: 39673920
At this point in time I have not found any MS documentation regarding the impact of deleting the self-signed certificate from an Exchange 2010 mailbox server.
Ideally CAS, Hub and Edge Exchange servers do require a certificate.
Still, I suggest that you do not delete that self-signed certificate.

Please find the below comment in the online MS documentation:
By default, Exchange installs a default self-signed certificate so that all network communication is encrypted. Encrypting all network communication requires that every Exchange server have an X.509 certificate that it can use.
“Self-signed” means that a certificate was created and signed only by the Exchange server itself and trusted by other Exchange servers in the same organization.
Check the "Default Exchange certificate" topic under the below link:
http://technet.microsoft.com/en-us/library/dd351044(v=exchg.141).aspx

In the case of Exchange 2013 mailbox servers, you require a self-signed certificate in order to communicate with CAS. Check the below post:
http://howexchangeworks.com/2013/07/exchange-2013-certificate-on-mailbox-role.html

Hope that helps
Mahesh

Author Closing Comment

by:jskfan
ID: 39684208
Well explained. Thank you.