Exchange 2010: need for and purpose of SS certificate?

Hi, all!  Exchange 2010 SP3 RU7 stand-alone server on Server 2k8 R2.  Two sites, each running stand-alone single database servers, NO DAG.

The self-signed certificate on this Exchange server is about to expire: given that I have a valid 3rd party SSL cert installed and active, is the SS certificate even required?   If so, what is it used for?  I've read a number of reports that just going the Renew Exchange Certificate route breaks OWA, so is there a document somewhere that's been vetted by the community for accuracy and "no surprises"?


ps: I've tried searching here but either the search is broken (same results for ANY Exchange search) or it's gotten really bad in the last year.
Steve Bottoms, Sr Network Admin, Asked:

Scott Gorcester, CTO, Commented:
If you have a commercial certificate you should not need the self-signed cert; it may be necessary to ensure that all of your services are properly registered to the commercial certificate.
Guy Lidbetter, Commented:
If you run get-exchangecertificate and the SSL is assigned to SMTP, IIS, POP and IMAP... and it's the one seen when using OWA, just uninstall the old SS cert....
Simon Butler (Sembee), Consultant, Commented:
You will need to have a self signed SSL certificate for internal use by Exchange.
That is because Exchange needs to see an SSL certificate with the server's real name on it.

The easiest way to renew the certificate is simply to run new-exchangecertificate from EMS. No further switches or options. It will then prompt you to replace the default SMTP certificate, which you need to say yes to.
Once complete, remove the old expired certificate with remove-exchangecertificate
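
The inventory, renewal and clean-up steps discussed in the answers above, as an added Exchange Management Shell example that is not part of the original thread. The 30-day window and the variable names are assumptions; it also checks that the certificate bound to IIS (OWA) is unchanged before anything is removed.

```powershell
# Run in the Exchange Management Shell (EMS) on the Exchange 2010 server.
# Added example; $warnDays and all variable names are assumptions.
$warnDays = 30
$cutoff   = (Get-Date).AddDays($warnDays)

# 1. Inventory: which certificate serves which services, and when it expires.
$before = @(Get-ExchangeCertificate)
$before | Sort-Object NotAfter |
    Format-Table Thumbprint, IsSelfSigned, Services, NotAfter, Subject -AutoSize

# 2. Self-signed certificates that are expired or expire inside the window.
$oldSelfSigned = @($before | Where-Object { $_.IsSelfSigned -and $_.NotAfter -lt $cutoff })

# 3. Record which certificate holds IIS (OWA) before changing anything.
$iisBefore = ($before | Where-Object { "$($_.Services)" -match 'IIS' } |
    Select-Object -ExpandProperty Thumbprint) -join ','

if ($oldSelfSigned.Count -eq 0) {
    Write-Host "No self-signed certificate expires within $warnDays days."
} else {
    # 4. Renew: no switches; answer Yes when asked to replace the default SMTP certificate.
    $new = New-ExchangeCertificate
    Write-Host "New self-signed certificate: $($new.Thumbprint), expires $($new.NotAfter)"

    # 5. Verify the IIS binding did not move off the certificate that held it.
    $iisAfter = (Get-ExchangeCertificate | Where-Object { "$($_.Services)" -match 'IIS' } |
        Select-Object -ExpandProperty Thumbprint) -join ','

    if ($iisAfter -ne $iisBefore) {
        Write-Warning "IIS binding changed ($iisBefore -> $iisAfter). Fix this before removing anything."
    } else {
        # 6. Remove only self-signed certificates that have actually expired.
        #    Remove-ExchangeCertificate asks for confirmation on each one.
        $oldSelfSigned | Where-Object { $_.NotAfter -lt (Get-Date) } | ForEach-Object {
            Remove-ExchangeCertificate -Thumbprint $_.Thumbprint
        }
    }
}
```

Certificates that are close to expiry but still valid are left in place; rerun step 6 once they have expired.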

Steve Bottoms, Sr Network Admin, Author Commented:
Thanks for the comments, guys!  I know my third-party cert must be there for our public-facing OWA/Autodiscover services, but I was just unsure about the SS.  I'll do a renew and we'll go from there.
