?
Solved

Exchange 2013 self-signed certificates

Posted on 2014-02-05
4
Medium Priority
?
510 Views
Last Modified: 2014-02-11
I have three Exchange 2013 servers in two different AD Sites, each having all roles. All are working well for last 9 months and I'm wondering if I can delete the three default self-signed certificates on each server. We have been using a public cert (VeriSign) for the last 9 months which covers POP, IIS, and SMTP, so my thought is I should be able to. Every time I Google this I find MS clearly saying:

"By default, the Client Access server is configured with a self-signed certificate that is not trusted by clients. You should remove this certificate and install a certificate from a trusted Certificate Authority (CA)."

The problem is that it does not use the plural context in the above statement...only singular. So, can I delete all three safely since I have been using a public certificate with no problem?

~Rick
0
Comment
Question by:COL_IT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 8

Accepted Solution

by:
EEhotline earned 2000 total points
ID: 39836673
Yes, you can safely delete all those self-signed certs. No reason to leave it there :)
0
 
LVL 2

Expert Comment

by:nifdrift
ID: 39838352
Personally i do not like deleting default files from my servers (note: Any servers).
This is because they might be in use by some process witch I've forgotten about and they can work as a template for how a new certificate could look like, and you also have a "backup" in case something goes bananas.

So my conclusion is: Why delete them? They aren't exactly wasting huge amount of space or cluttering the servers. Maybe you will need them some day.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39838608
The self signed certificate is not only used for web services, but also for internal transport purposes. I expect if you try to remove the certificate it will be blocked for that reason.
Therefore as long as you have the "W" service enabled for the trusted certificate, leave the self signed one alone.

Simon.
0
 

Author Comment

by:COL_IT
ID: 39850488
I got a definite confirmation from Microsoft Exchange 2013 Support and they said deleting those certificates is not a problem as long as we are using a public cert that covers the roles we need. If our public cert expires then we would just have to create new certs till we could replace the expired cert.

They worked with me while I deleted the certs and reset the bindings within IIS on both frontend and backend. We confirmed all is working properly.
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Suggested Courses
Course of the Month12 days, 15 hours left to enroll

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question