Exchange Server and Certificates

Hi there Experts,

Regarding Exchange 2010 and later versions, please clarify the following for me:

Q1) Which are the mandatory certificates and which are optional?

Q2) What’s the difference between the Self-Signed Certificates and Public ones?

Q3) What is the use of Self-Signed Certificates and Public?

Q4) Is there any Certificate that is installed automatically during Exchange’s initial Installation?

Thanks in advance,
Mamelas

Amit Kumar Commented:
Please find answers:

Q1) Which are the mandatory certificates and which are optional?

Ans: To secure Exchange client connectivity we apply certificates, so Microsoft recommends a UC certificate. This type of certificate can contain multiple Subject Names (DNS names), and it can be applied to all Exchange services. Optionally we can use a wildcard certificate. This type of certificate is authorized to publish a whole domain, so for any web service like web.abc.com, if you apply a wildcard certificate (*.abc.com) then it will authorize your web service with SSL connectivity. Mandatory certificates are for all CAS web services, including POP3 and IMAP. If you want to use TLS on SMTP, use a certificate for this. One more thing: if you have enabled a policy for automatic computer certificate generation, a server that joins the domain will have a domain-generated certificate from your internal CA.

Q2) What’s the difference between the Self-Signed Certificates and Public ones?

Ans: Self-signed certificates are not certified by any authority, so whenever you use a self-signed certificate it will give a warning while opening the website. If you use a certificate provided by a public CA, then the site on which it is applied will open without any warning and the connection will be opened between client and server over TLS/SSL.

Q3) What is the use of Self-Signed Certificates and Public?

Ans: Both certificates are used for enabling TLS/SSL on web/SMTP/POP/IMAP/RPC services or as an authentication mechanism between the servers.

Q4) Is there any Certificate that is installed automatically during Exchange’s initial Installation?

Ans: Yes! Whenever you install a new setup it always creates a self-signed certificate. One more thing: in case you have an internal CA and have configured a group policy for automatic enrollment of all domain-joined computers, then it will have a domain-signed certificate.
0

MAS (MVE) EE Solution Guide Commented:
-->Q1) Which are the mandatory certificates and which are optional?


-->Q2) What’s the difference between the Self-Signed Certificates and Public ones?
Self-signed certificates will pop up certificate errors/warnings as they are not trusted by browsers.

-->Q3) What is the use of Self-Signed Certificates and Public?
A self-signed certificate is used for inter-server communication.
A public certificate is used for client-server communication.

-->Q4) Is there any Certificate that is installed automatically during Exchange’s initial Installation?
A self-signed certificate will be issued and enabled for SMTP services at the time of installation.
0
mamelas (Author) Commented:
Thank you both for your rapid answers!!

So, Public Certificates are being used for Clients that are accessing their Mailboxes externally (i.e. via OWA or ActiveSync)

and Self-signed certificates are being used Internally between Clients and Server (i.e. via Outlook)
but can also be used Externally giving a warning message since they are not certified.

Correct??
0
MAS (MVE) EE Solution Guide Commented:
-->So, Public Certificates are being used for Clients that are accessing their Mailboxes externally (i.e. via OWA or ActiveSync)
Yes. Externally/internally using Outlook Anywhere, OWA, ActiveSync etc.

-->and Self-signed certificates are being used Internally between Clients and Server (i.e. via Outlook)
but can also be used Externally giving a warning message since they are not certified.

No. Normally only the SMTP service is enabled on self-signed certificates, and it is used for inter-server communication.
0
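
The split described in this thread (self-signed certificate for SMTP between servers, trusted certificate for client-facing services) can be checked per server. The PowerShell below is an added example, not part of the original thread: the function names, the abc.com namespaces and the sample objects are constructed, and it assumes the `Services`, `IsSelfSigned`, `CertificateDomains` and `NotAfter` properties returned by `Get-ExchangeCertificate`.

```powershell
# In the Exchange Management Shell, feed real data instead of the samples:
#   Get-ExchangeCertificate | Get-CertFinding -RequiredNames 'mail.abc.com','autodiscover.abc.com'

function Test-NameCovered {
    param([string]$Name, [string[]]$Domains)
    foreach ($d in $Domains) {
        if ($d -eq $Name) { return $true }
        # A wildcard name such as *.abc.com covers exactly one left-most label.
        if ($d.StartsWith('*.') -and (($Name -split '\.', 2)[1] -eq $d.Substring(2))) { return $true }
    }
    return $false
}

function Get-CertFinding {
    param(
        [Parameter(ValueFromPipeline = $true)] $Certificate,
        [string[]]$RequiredNames,   # client namespaces (hypothetical values below)
        [int]$WarnDays = 30
    )
    process {
        $services = "$($Certificate.Services)"            # flags render as "IIS, SMTP"
        $clientFacing = $services -match 'IIS|POP|IMAP'   # services clients connect to
        $findings = @()
        if ($clientFacing -and $Certificate.IsSelfSigned) {
            $findings += 'self-signed on client-facing service (clients get trust warnings)'
        }
        if ($clientFacing) {
            # Assumes CertificateDomains entries stringify to plain DNS names.
            foreach ($n in $RequiredNames) {
                if (-not (Test-NameCovered $n $Certificate.CertificateDomains)) { $findings += "name not covered: $n" }
            }
        }
        if ($Certificate.NotAfter -lt (Get-Date).AddDays($WarnDays)) {
            $findings += "expires $($Certificate.NotAfter.ToString('yyyy-MM-dd'))"
        }
        [pscustomobject]@{ Thumbprint = $Certificate.Thumbprint; Services = $services; Findings = $findings -join '; ' }
    }
}

# Constructed sample objects that mimic Get-ExchangeCertificate output.
$sample = @(
    [pscustomobject]@{ Thumbprint = 'SAMPLE-SETUP-SELFSIGNED'; Services = 'SMTP'; IsSelfSigned = $true
                       CertificateDomains = @('EX01', 'EX01.abc.local'); NotAfter = (Get-Date).AddYears(4) }
    [pscustomobject]@{ Thumbprint = 'SAMPLE-PUBLIC-WILDCARD'; Services = 'IIS, POP, IMAP'; IsSelfSigned = $false
                       CertificateDomains = @('*.abc.com'); NotAfter = (Get-Date).AddDays(10) }
    [pscustomobject]@{ Thumbprint = 'SAMPLE-SELFSIGNED-ON-IIS'; Services = 'IIS, SMTP'; IsSelfSigned = $true
                       CertificateDomains = @('EX02.abc.local'); NotAfter = (Get-Date).AddYears(4) }
)
$sample | Get-CertFinding -RequiredNames 'mail.abc.com', 'autodiscover.abc.com' | Format-Table -AutoSize -Wrap
```

On the constructed samples, the SMTP-only self-signed certificate produces no finding, the wildcard certificate is flagged only for its expiry date, and the self-signed certificate bound to IIS is flagged for both trust and name coverage.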
mamelas (Author) Commented:
Thank you very much!
0