?
Solved

Exchange 2010 Mailbox servers certificate:

Posted on 2013-11-22
6
Medium Priority
?
3,922 Views
Last Modified: 2013-11-28
Exchange 2010 Mailbox servers certificate:

In our Exchange 2010 servers  that have mailbox roles,
I see on one of the servers has 2 certificates , one seems like it is issued by a CA that belongs to the domain, because the issuer server is member of our domain.
there is another certificate for the same exchange server, issued by the exchange server itself.

The other mailbox server does not have any certificate.

I wonder if that 's something I should worry about, or that's only the debris left from initial install of the exchange servers.??


Thanks
0
Comment
Question by:jskfan
  • 3
  • 3
6 Comments
 
LVL 39

Assisted Solution

by:Mahesh
Mahesh earned 2000 total points
ID: 39670464
Do you any other roles installed on mailbox server (CAS \ HUB) ?
If yes,
Check SAN names in certificate issued by domain CA if it is using live urls and if any exchange service is assigned to that.
You can remove \ ignore that if any exchange service is not assigned to that.

If this is only mailbox server role installed then you do not have to worry
leave self signed certificate as it is.

Mahesh
0
 

Author Comment

by:jskfan
ID: 39670525
<<If this is only mailbox server role installed then you do not have to worry
leave self signed certificate as it is.>>

yes...it has Mailbox role only.
0
 
LVL 39

Expert Comment

by:Mahesh
ID: 39670611
exchange 2010 mailbox servers do not require any certificate
I don't see any good reason to keep domain CA based certificate on exchange mailbox server

Some exchange administrators recommends not to delete self signed certificate issued by exchnage regardless of server role.

Mahesh
0
Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

 

Author Comment

by:jskfan
ID: 39673099
<<<Some exchange administrators recommends not to delete self signed certificate issued by exchange regardless of server role.>>>

what would happen if the self signed certif gets deleted ?
0
 
LVL 39

Accepted Solution

by:
Mahesh earned 2000 total points
ID: 39673920
At this point of time I have not found any MS documentation regarding impact of deletion of self signed certificate from Exchange 2010 mailbox server
Ideally CAS, Hub and Edge exchange servers do require certificate.
Still I suggest you that do not delete that self signed certificate.

Please find below comment in online MS documentation
By default, Exchange installs a default self-signed certificate so that all network communication is encrypted. Encrypting all network communication requires that every Exchange server have an X.509 certificate that it can use.
“Self-signed” means that a certificate was created and signed only by the Exchange server itself and trusted by other Exchange servers in the same organization.
Check "Default Exchange certificate" topic under below link
http://technet.microsoft.com/en-us/library/dd351044(v=exchg.141).aspx

In case of Exchange 2013 mailbox servers, you required self signed certificate in order to communicate with CAS. check below post
http://howexchangeworks.com/2013/07/exchange-2013-certificate-on-mailbox-role.html

Hope that helps
Mahesh
0
 

Author Closing Comment

by:jskfan
ID: 39684208
Well explained..Thank you
0

Featured Post

Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes Top 9 Exchange troubleshooting utilities that every Exchange Administrator should know. Most of the utilities are available free of cost. List of tools that I am going to explain in this article are:   Microsoft Remote Con…
You finally migrated Public Folders to Office 365, decommissioned the Public Folder mailbox database and since then, when you send an email from on-premise to mail-enabled Public Folders, you get the following error: "Misconfigured public folder mai…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
In this video I will demonstrate how to set up Nine, which I now consider the best alternative email app to Touchdown.
Suggested Courses

601 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question