Solved

Exchange 2013 SSL Certificates on Multiple CAS and Mailbox Servers

Posted on 2015-01-09
Last Modified: 2015-07-14
I have 5 Exchange 2013 servers. 2 CAS servers and 3 Mailbox servers installed as DAG. The CAS servers have my UCC certificate. One of the CAS servers has the Microsoft Exchange Server Auth certificate. I am receiving SSL certificate errors from my Mailbox servers stating they cannot find the certificate containing the public name. This certificate is installed on the CAS servers, but the mailbox servers are sending email to the internet. I am also receiving errors that the Microsoft Exchange Server Auth certificate cannot be found on all servers but the CAS server it is installed on.

I am having trouble finding any information on the correct settings in this configuration.  

I am wondering if I should export the Microsoft Exchange Server Auth certificate and the UCC certificate and import the certificate into all of the servers.

Does anyone have a configuration like this that they could confirm the SSL requirements on the mailbox and CAS servers? What I have found says the mailbox servers' SSL is all self-signed and should not need to be altered, but that is not what I am seeing.
Question by:tech301
Accepted Solution

by:
Will Szymkowski earned 1500 total points
ID: 40541503
Certs are pretty straightforward for the most part. Whatever you do "do not remove or modify the self-signed certs" on either the CAS or Mailbox Servers.

- Simply import your cert on all of your CAS servers
- Run the Enable-ExchangeCertificate -Thumbprint <xxxxxxxxxxxxxxxxxx> -Services "pop,imap,smtp,iis" (do this for both servers)
- Ensure that all of your URLs for your virtual directories are correct
- Make sure that your SAN cert has mail.domain.com and autodiscover.domain.com
- Make sure that you have the appropriate External DNS for A record mail.domain.com and CNAME record for autodiscover.domain.com

Will.
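
A read-only check of the points in the answer above, run from the Exchange Management Shell. This is an added example, not part of the original answer; `mail.domain.com` and `autodiscover.domain.com` are the placeholder names used in the answer, and only the OWA virtual directory is shown as a sample of the URL check.

```powershell
# Added example (not from the original thread). Placeholder names from the answer:
$requiredNames = 'mail.domain.com', 'autodiscover.domain.com'
$servers = Get-ExchangeServer

# Inventory every certificate on every Exchange server (CAS and Mailbox).
$report = foreach ($server in $servers) {
    foreach ($cert in Get-ExchangeCertificate -Server $server.Name) {
        $names   = @($cert.CertificateDomains | ForEach-Object { $_.ToString() })
        $missing = @($requiredNames | Where-Object { $names -notcontains $_ })
        [pscustomobject]@{
            Server       = $server.Name
            Thumbprint   = $cert.Thumbprint
            SelfSigned   = $cert.IsSelfSigned
            Services     = "$($cert.Services)"
            Status       = "$($cert.Status)"
            NotAfter     = $cert.NotAfter
            MissingNames = $missing -join ', '
        }
    }
}

# The self-signed certificates should still appear on every server in this list.
$report | Sort-Object Server, SelfSigned | Format-Table -AutoSize

# Each CAS server needs one valid, unexpired, non-self-signed certificate that is
# enabled for IIS and SMTP and carries every required name.
foreach ($server in $servers | Where-Object { $_.IsClientAccessServer }) {
    $good = $report | Where-Object {
        $_.Server -eq $server.Name -and
        -not $_.SelfSigned -and
        $_.Status -eq 'Valid' -and
        $_.NotAfter -gt (Get-Date) -and
        $_.Services -match 'IIS' -and
        $_.Services -match 'SMTP' -and
        -not $_.MissingNames
    }
    if (-not $good) {
        Write-Warning "$($server.Name): no valid IIS/SMTP certificate covers $($requiredNames -join ', ')"
    }

    # URLs clients are told to use; their host names must match a name on the certificate.
    Get-OwaVirtualDirectory -Server $server.Name |
        Format-List Server, InternalUrl, ExternalUrl
    Get-ClientAccessServer -Identity $server.Name |
        Format-List Name, AutoDiscoverServiceInternalUri
}
```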

Author Comment

by:tech301
ID: 40547478
Thanks for the reply Will. I have the UCC cert imported to both CAS servers, but I am getting the errors on the Mailbox servers. I guess I can just import the UCC and the Microsoft Exchange Server Auth certificate to all servers to clear the errors.

Author Closing Comment

by:tech301
ID: 40881415
Not really the answer I was looking for, but in the end I just exported and imported to the CAS servers.