rjearley1966

asked on

Exchange 2010 TLS and Certificate Question.

Newly built Exchange 2010, fully updated. Initiating a certificate request and I am wondering about Mutual TLS.

The server is already responding with opportunistic TLS because I see the TLS response during a telnet
test:  250-STARTTLS.

Do I even need to select Mutual TLS in the certificate request wizard? Is it recommended?

Hub Transport Server : Use mutual TLS to help secure internet mail

Finally, I have a test mailbox that I online-moved to the new server, and I have connected that Outlook 2010 account to the new Exchange 2010 server, yet I see the certificate from the old Exchange 2010 server when I configure a new Outlook connection. Currently the two Exchange 2010 servers are co-existing, but is it normal to see the old server's self-signed cert in new Outlook clients of the new server?

Thanks,
Rich
Will Szymkowski

For complete details on Mutual TLS I would refer to the TechNet article below, which outlines the entire process.
https://technet.microsoft.com/en-us/library/bb123543%28v=exchg.141%29.aspx

Do you have your CAS servers load balanced? You are using Exchange 2010, so when you get a new certificate you will need to update the cert on all of the Exchange 2010 servers. You will also need to run Enable-ExchangeCertificate -Thumbprint <> -Services "pop,imap,smtp,iis" on all of your CAS servers.

Once you have tested this, you can remove old certs using Remove-ExchangeCertificate -Thumbprint <> -Services "pop,imap,smtp,iis".

Depending on how you have your virtual directories set for your internal URLs, you might have to keep the self-signed cert if you are pointing to the FQDN of the server name. Personally, if you have split DNS configured, I would have the External and Internal URLs the same for simplicity.

Will.
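The procedure Will outlines above (complete the pending request, bind the new cert to services on every server, align the virtual directory URLs with the name on the cert, then retire the self-signed cert) as one Exchange Management Shell script. This is an added example, not code from the thread or from Microsoft; the server name, published FQDN, certificate file path, partner domain and connector name are all assumptions. Two details worth knowing before running it: Remove-ExchangeCertificate takes only a thumbprint (the -Services argument belongs to Enable-ExchangeCertificate), and the optional Domain Security section is the "mutual TLS" the wizard asks about, which is separate from the opportunistic STARTTLS the asker already sees in the 250-STARTTLS banner.

```powershell
# Exchange Management Shell, run on the new Exchange 2010 server (SP1 or later).
# Every name below is an assumption for this example, not a value from the thread.
$server   = 'EX2010-NEW'                     # hypothetical host name
$fqdn     = 'mail.example.com'               # hypothetical published name (split DNS)
$certFile = 'C:\certs\mail_example_com.cer'  # hypothetical path to the CA-issued cert

# 1. What is installed today, and which services each cert is bound to.
Get-ExchangeCertificate -Server $server |
    Format-List Thumbprint, Subject, CertificateDomains, Services, NotAfter, IsSelfSigned, Status

# 2. Complete the pending request with the certificate the CA returned.
$bytes = [System.IO.File]::ReadAllBytes($certFile)
$cert  = Import-ExchangeCertificate -Server $server -FileData $bytes

# 3. Bind the new cert. -Force skips the "overwrite the default SMTP certificate?" prompt.
Enable-ExchangeCertificate -Server $server -Thumbprint $cert.Thumbprint `
    -Services 'IIS,SMTP,POP,IMAP' -Force

# 4. Verify: Status should be Valid and Services should list all four bindings.
Get-ExchangeCertificate -Server $server -Thumbprint $cert.Thumbprint |
    Format-List Subject, CertificateDomains, Services, Status

# 5. Point the client-facing URLs at the name on the new cert, so internal clients
#    are not sent to the server FQDN that only the self-signed cert covers.
Get-OwaVirtualDirectory -Server $server |
    Set-OwaVirtualDirectory -InternalUrl "https://$fqdn/owa" -ExternalUrl "https://$fqdn/owa"
Get-EcpVirtualDirectory -Server $server |
    Set-EcpVirtualDirectory -InternalUrl "https://$fqdn/ecp" -ExternalUrl "https://$fqdn/ecp"
Get-WebServicesVirtualDirectory -Server $server |
    Set-WebServicesVirtualDirectory -InternalUrl "https://$fqdn/EWS/Exchange.asmx" -ExternalUrl "https://$fqdn/EWS/Exchange.asmx"
Get-OabVirtualDirectory -Server $server |
    Set-OabVirtualDirectory -InternalUrl "https://$fqdn/OAB" -ExternalUrl "https://$fqdn/OAB"
Get-ActiveSyncVirtualDirectory -Server $server |
    Set-ActiveSyncVirtualDirectory -InternalUrl "https://$fqdn/Microsoft-Server-ActiveSync" -ExternalUrl "https://$fqdn/Microsoft-Server-ActiveSync"
Set-ClientAccessServer -Identity $server -AutoDiscoverServiceInternalUri "https://$fqdn/Autodiscover/Autodiscover.xml"

# Outlook's MAPI endpoint is the RpcClientAccessServer of the mailbox database, not the
# mailbox server itself; during coexistence, check where each database points.
Get-MailboxDatabase -Server $server | Format-Table Name, RpcClientAccessServer

# 6. Optional: Domain Security, i.e. enforced mutual TLS with named partner domains.
#    Opportunistic STARTTLS already works without this. Flip the switch only if you
#    have such partners; 'partner.example' and the connector names are assumed.
$enableDomainSecurity = $false
if ($enableDomainSecurity) {
    Set-TransportConfig -TLSSendDomainSecureList @{Add='partner.example'} `
                        -TLSReceiveDomainSecureList @{Add='partner.example'}
    Set-SendConnector    -Identity 'Internet' -DomainSecureEnabled $true
    Set-ReceiveConnector -Identity "$server\Default $server" -DomainSecureEnabled $true
}

# 7. Retire the old self-signed cert only once nothing depends on it.
#    Enabling SMTP on the new cert does not unbind SMTP from the old one, and the
#    self-signed cert is the one carrying the server's own name, so it stays unless
#    the new cert covers that name too. -WhatIf makes this a dry run; drop it to act.
foreach ($c in Get-ExchangeCertificate -Server $server) {
    if (-not $c.IsSelfSigned -or $c.Thumbprint -eq $cert.Thumbprint) { continue }
    if (($c.CertificateDomains -contains $server) -and
        -not ($cert.CertificateDomains -contains $server)) {
        Write-Warning "Keeping $($c.Thumbprint): it is the only cert covering $server"
        continue
    }
    Remove-ExchangeCertificate -Server $server -Thumbprint $c.Thumbprint -WhatIf
}
```

Run steps 1 through 4 on each Exchange 2010 server that terminates client or SMTP connections, then re-run the telnet test against port 25 and an Outlook profile creation against the new server to confirm the certificate now presented is the DigiCert one before removing anything in step 7.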
rjearley1966

ASKER

Hello Will,

No CAS servers; we are doing an in-place transition from a physical Exchange Server 2010 to a virtual Exchange 2010.

So currently our two Exchange Servers are essentially sharing a self signed cert?  

I just went through the wizard and submitted the request to DigiCert.
There is a pending cert request on the new server only.  Nothing under the old server except for the old self signed cert which is set to expire in June.
ASKER CERTIFIED SOLUTION
Will Szymkowski

Understood thanks.