Solved

Exchange 2010 Mailbox servers certificate:

Posted on 2013-11-22
6
2,746 Views
Last Modified: 2013-11-28
Exchange 2010 Mailbox servers certificate:

In our Exchange 2010 servers  that have mailbox roles,
I see on one of the servers has 2 certificates , one seems like it is issued by a CA that belongs to the domain, because the issuer server is member of our domain.
there is another certificate for the same exchange server, issued by the exchange server itself.

The other mailbox server does not have any certificate.

I wonder if that 's something I should worry about, or that's only the debris left from initial install of the exchange servers.??


Thanks
0
Comment
Question by:jskfan
  • 3
  • 3
6 Comments
 
LVL 35

Assisted Solution

by:Mahesh
Mahesh earned 500 total points
Comment Utility
Do you any other roles installed on mailbox server (CAS \ HUB) ?
If yes,
Check SAN names in certificate issued by domain CA if it is using live urls and if any exchange service is assigned to that.
You can remove \ ignore that if any exchange service is not assigned to that.

If this is only mailbox server role installed then you do not have to worry
leave self signed certificate as it is.

Mahesh
0
 

Author Comment

by:jskfan
Comment Utility
<<If this is only mailbox server role installed then you do not have to worry
leave self signed certificate as it is.>>

yes...it has Mailbox role only.
0
 
LVL 35

Expert Comment

by:Mahesh
Comment Utility
exchange 2010 mailbox servers do not require any certificate
I don't see any good reason to keep domain CA based certificate on exchange mailbox server

Some exchange administrators recommends not to delete self signed certificate issued by exchnage regardless of server role.

Mahesh
0
Too many email signature updates to deal with?

Do you feel like you are taking up all of your time constantly visiting users’ desks to make changes to email signatures? Wish you could manage all signatures from one central location, easily design them and deploy them quickly to users? Well, there is an easy way!

 

Author Comment

by:jskfan
Comment Utility
<<<Some exchange administrators recommends not to delete self signed certificate issued by exchange regardless of server role.>>>

what would happen if the self signed certif gets deleted ?
0
 
LVL 35

Accepted Solution

by:
Mahesh earned 500 total points
Comment Utility
At this point of time I have not found any MS documentation regarding impact of deletion of self signed certificate from Exchange 2010 mailbox server
Ideally CAS, Hub and Edge exchange servers do require certificate.
Still I suggest you that do not delete that self signed certificate.

Please find below comment in online MS documentation
By default, Exchange installs a default self-signed certificate so that all network communication is encrypted. Encrypting all network communication requires that every Exchange server have an X.509 certificate that it can use.
“Self-signed” means that a certificate was created and signed only by the Exchange server itself and trusted by other Exchange servers in the same organization.
Check "Default Exchange certificate" topic under below link
http://technet.microsoft.com/en-us/library/dd351044(v=exchg.141).aspx

In case of Exchange 2013 mailbox servers, you required self signed certificate in order to communicate with CAS. check below post
http://howexchangeworks.com/2013/07/exchange-2013-certificate-on-mailbox-role.html

Hope that helps
Mahesh
0
 

Author Closing Comment

by:jskfan
Comment Utility
Well explained..Thank you
0

Featured Post

Free book by J.Peter Bruzzese, Microsoft MVP

Are you using Office 365? Trying to set up email signatures but you’re struggling with transport rules and connectors? Let renowned Microsoft MVP J.Peter Bruzzese show you how in this exclusive e-book on Office 365 email signatures. Better yet, it’s free!

Join & Write a Comment

Check out this infographic on what you need to make a good email signature that will work perfectly for your organization.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now