Exchange 2010: need for and purpose of SS certificate?

Hi, all!  Exchange 2010 SP3 RU7 stand-alone server on Server 2k8 R2.  Two sites, each running stand-alone single database servers, NO DAG.

The self-signed certificate on this Exchange server is about to expire: given that I have a valid 3rd party SSL cert installed and active, is the SS certificate even required?   If so, what is it used for?  I've read a number of reports that just going the Renew Exchange Certificate route breaks OWA, so is there a document somewhere that's been vetted by the community for accuracy and "no surprises"?


ps: I've tried searching here but either the search is broken (same results for ANY Exchange search) or it's gotten really bad in the last year.
Steve BottomsSr Network AdminAsked:
Who is Participating?
Simon Butler (Sembee)ConsultantCommented:
You will need to have a self signed SSL certificate for internal use by Exchange.
That is because Exchange needs to see an SSL certificate with the server's real name on it.

The easiest way to renew the certificate is simply to run new-exchangecertificate from EMS. No further switches or options. It will then prompt you to replace the default SMTP certificate, which you need to say yes to.
Once complete, remove the old expired certificate with remove-exchangecertificate

Scott GorcesterCTOCommented:
If you have a commercial certificate you should not need the self signed cert, it may be necessary to insure that all of your services are properly registered to the commercial certificate.
Guy LidbetterCommented:
If you run get-exchangecertificate and the SSL is assigned to SMTP, IIS, POP and IMAP... and its the one seen when using OWA, just uninstall the old SS cert....
Steve BottomsSr Network AdminAuthor Commented:
Thanks for the comments, guys!  I know my third-party cert must be there for our public-facing OWA/Autodiscover services, but I was just unsure about the SS.  I'll do a renew and we'll go from there.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.