Solved

Exchange 2010 Mailbox servers certificate:

Posted on 2013-11-22
Last Modified: 2013-11-28
In our Exchange 2010 servers that have mailbox roles,
I see that one of the servers has 2 certificates. One seems to be issued by a CA that belongs to the domain, because the issuer server is a member of our domain.
There is another certificate for the same Exchange server, issued by the Exchange server itself.

The other mailbox server does not have any certificate.

I wonder if that's something I should worry about, or if that's only the debris left from the initial install of the Exchange servers?


Thanks
0
Question by:jskfan
6 Comments
 
LVL 37

Assisted Solution

by:Mahesh
Mahesh earned 500 total points
ID: 39670464
Do you have any other roles installed on the mailbox server (CAS \ HUB)?
If yes,
check the SAN names in the certificate issued by the domain CA to see if it is using live URLs and if any Exchange service is assigned to it.
You can remove \ ignore it if no Exchange service is assigned to it.

If this server has only the mailbox server role installed, then you do not have to worry;
leave the self-signed certificate as it is.

Mahesh
0
 

Author Comment

by:jskfan
ID: 39670525
<<If this is only mailbox server role installed then you do not have to worry
leave self signed certificate as it is.>>

Yes, it has the Mailbox role only.
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39670611
Exchange 2010 mailbox servers do not require any certificate.
I don't see any good reason to keep a domain CA based certificate on an Exchange mailbox server.

Some Exchange administrators recommend not deleting the self-signed certificate issued by Exchange, regardless of server role.

Mahesh
0

Author Comment

by:jskfan
ID: 39673099
<<<Some exchange administrators recommends not to delete self signed certificate issued by exchange regardless of server role.>>>

What would happen if the self-signed certificate gets deleted?
0
 
LVL 37

Accepted Solution

by:Mahesh
Mahesh earned 500 total points
ID: 39673920
At this point in time, I have not found any MS documentation regarding the impact of deleting the self-signed certificate from an Exchange 2010 mailbox server.
Ideally, CAS, Hub and Edge Exchange servers do require a certificate.
Still, I suggest that you do not delete that self-signed certificate.

Please find the comment below from the online MS documentation:
By default, Exchange installs a default self-signed certificate so that all network communication is encrypted. Encrypting all network communication requires that every Exchange server have an X.509 certificate that it can use.
“Self-signed” means that a certificate was created and signed only by the Exchange server itself and trusted by other Exchange servers in the same organization.
Check the "Default Exchange certificate" topic under the link below:
http://technet.microsoft.com/en-us/library/dd351044(v=exchg.141).aspx

In the case of Exchange 2013 mailbox servers, you require a self-signed certificate in order to communicate with CAS. Check the post below:
http://howexchangeworks.com/2013/07/exchange-2013-certificate-on-mailbox-role.html

Hope that helps
Mahesh
0
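
The checks suggested in the answers above (issuer, SAN names, assigned services, self-signed or not) can be collected in one read-only pass from the Exchange Management Shell. This is an added example, not part of the original thread; the helper name `Get-CertAdvice` and the advice strings are assumptions made for illustration, and the script deletes nothing.

```powershell
# Added example (not from the thread). Run in the Exchange Management Shell.
# Lists every certificate on every Exchange server and labels it along the
# lines discussed above. Read-only: nothing is removed or changed.
# Written for PowerShell 2.0, which Exchange 2010 uses.

function Get-CertAdvice {          # hypothetical helper, for illustration
    param($Cert, [bool]$MailboxOnly)

    # Services is a flags value; cast to string, e.g. "None" or "IIS, SMTP"
    $services = "$($Cert.Services)"

    if ($Cert.IsSelfSigned) {
        return 'Self-signed: leave in place'
    }
    if ($services -ne 'None') {
        return "CA-issued, in use by: $services"
    }
    if ($MailboxOnly) {
        return 'CA-issued, no services, Mailbox-only server: review for removal'
    }
    return 'CA-issued, no services: check SAN names before deciding'
}

$report = foreach ($server in Get-ExchangeServer) {
    # ServerRole is also a flags value, e.g. "Mailbox" or "Mailbox, ClientAccess"
    $roles       = "$($server.ServerRole)"
    $mailboxOnly = ($roles -eq 'Mailbox')

    foreach ($cert in Get-ExchangeCertificate -Server $server.Name) {
        New-Object PSObject -Property @{
            Server     = $server.Name
            Roles      = $roles
            Issuer     = $cert.Issuer
            SANs       = ($cert.CertificateDomains -join ', ')
            Services   = "$($cert.Services)"
            NotAfter   = $cert.NotAfter
            Thumbprint = $cert.Thumbprint
            Advice     = Get-CertAdvice -Cert $cert -MailboxOnly $mailboxOnly
        }
    }
}

$report | Sort-Object Server, NotAfter |
    Format-List Server, Roles, Issuer, SANs, Services, NotAfter, Thumbprint, Advice
```

A server that returns no rows, like the second mailbox server in the question, has no certificate in its local computer store that Exchange can see.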
 

Author Closing Comment

by:jskfan
ID: 39684208
Well explained..Thank you
0
