Disable SSL on Exchange

Posted on 2016-08-02
Last Modified: 2016-08-15
We are running Exchange 2010 SP3 RU12, and I'm trying to determine is disabling SSL on the server and client is acceptable without breaking anything. From what I have read it seems that everything should be fine, but trying to get an opinion from others that may
have done this.
Question by:timgreen7077
  • 5
  • 3
LVL 35

Expert Comment

ID: 41738909
It will work. It's just that when someone uses a public wifi (or any other network that's not their home or office connection), the traffic can be decoded quite easily (meaning, no privacy, all the email can be read in an instant). This obviously requires a hacker on that same foreign network.

Author Comment

ID: 41738947
This may be above my original question, but have you ever done this and what steps did you follow. If  this is above the original question and you choose not to answer i understand.

Expert Comment

by:El Fierro
ID: 41739584
You will encounter issues...
Exchange Server server that hosted the Client Access server role has SSL required by default for services such as:

    Outlook Web App (OWA)
    ActiveSync (mobile device access)
    Exchange Web Services
    Outlook Anywhere (aka RPC-over HTTPS)

May we know why you want to disable the ssl?
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.


Author Comment

ID: 41739615
the security team see it as a vulnerability. We will continue using TLS but they want to remove SSL.

Expert Comment

by:El Fierro
ID: 41739635
The only issue i encountered by a 3rd party security auditing was that my ssl had to 1024 bit encryption instead of 2048. The auditor also gave us crap about it not being bought from a "trusted" seller.that was resolved by showing them that our exchange ssl was bought from a authorized godaddy reseller.I'm curious why is it a vulnerability from their view?

Author Comment

ID: 41739653
Our SSL cert is also from a 3rd party and it 2048, but they want to disable SSL on the server side and client side of Exchange. Its also because of auditing. I have a call into Microsoft to see what they say also. I'm also curious about what you guys say here at the exchange.

Expert Comment

by:El Fierro
ID: 41739665
Well tim you need it as shown on the list, prior to exchange 07 it wasnt required but you will encounter various authentication issues and errors on the client side just to name a couple .you would think they'd know and tell u more about disabling ssl on exchange. Ive never heard of anyone saying u have to disable ssl unless they ask u to replace it..unless you dont require external access then u can use a self signed ssl.

Accepted Solution

timgreen7077 earned 0 total points
ID: 41750444
I have reached out to Microsoft on this and disabling SSL will not cause and issue. The actually sent me a link with instructions and via multiple emails assured me that it will not affect anything. Only devices that rely on SSL 2.0 or 3.0 will be affected but generally most devices no understand TLS, so disabling SSL will be fine. See link

Author Closing Comment

ID: 41756108
After communicating with Microsoft they assured me that disabling SSL will not cause any issues other than devices that only speak SSL but that is rare.

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Exchange 2010 and Outlook 2010 2 32
Exchange Servger 2016 on Windows Server 2016 Essential 4 70
Exchange Server 2016 Version 3 17
exchange, active directory 3 30
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question