Pro Suite

Exchange 2013 certificate

We currently have an Exchange 2013 with a self-signed certificate (stupid, I know). We need to replace it with a non-self-signed one.

Is it just ok to delete the self-signed one and import the new one?
ASKER CERTIFIED SOLUTION
Amit
This solution is only available to members.
Hi ICTSYSTEMS,
You need one self signed certificate for your inter server communication.
You can check my comment in MS Technet to create a new certificate.

You need one 3rd party certificate (e.g. Digicert, Godaddy) for client server communication.
Use this CSR command generator for your 3rd party certificate.
https://www.experts-exchange.com/articles/28662/Easy-CSR-creation-Exchange-2007-2010-and-2013.html
Upload the CSR to the 3rd party portal and complete the pending request by following any of these. Do not forget to enable IIS on the 3rd party certificate.
https://uk.godaddy.com/help/exchange-server-2013-install-a-certificate-4774
http://www.msexchange.org/articles-tutorials/exchange-server-2013/management-administration/managing-certificates-exchange-server-2013-part3.html

Note: You need two names in your certificate, i.e. mail.domain.com and autodiscover.domain.com

Thanks
MAS
Pro Suite

ASKER

I already have a certificate and I already signed certificates to Exchange 2013/2016 servers in the past with no problems.

I just wonder if there is anything that could go wrong when assigning a certificate to a server that already has a self signed one for the client server communication.
SOLUTION
This solution is only available to members.
"I just wonder if there is anything that could go wrong when assigning a certificate to a server that already has a self signed one for the client server communication. "

What I've seen going wrong is when the clients accessing the server do not have/can't download the certificates in the certificate path (root certificate/intermediate certificate if required) to validate the Exchange servers.
Treat this activity as first time setup and where you need to implement the right certificate. KB given by me is enough to complete this task.
We successfully added the certificate and deleted the old one. We only had to set the internal autodiscover url to the right one.
I object to your answer selection. I provided the same answer in the first post.
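
The checks and steps discussed in this thread, put together as an added example that is not part of any post above: it verifies the two names and the certificate chain before enabling the new certificate for IIS, then sets the internal Autodiscover URL. The thumbprint, host names and URL are placeholders chosen here, and the script assumes it runs in the Exchange Management Shell on the Exchange 2013 server with the new certificate already imported.

```powershell
# Added example. Placeholder values below are assumptions, not values from the thread.
$Thumbprint      = '<THUMBPRINT-OF-NEW-CERTIFICATE>'
$RequiredNames   = 'mail.domain.com', 'autodiscover.domain.com'
$AutodiscoverUri = 'https://autodiscover.domain.com/Autodiscover/Autodiscover.xml'

# 1. Inventory: see which certificate currently serves which services.
#    Nothing is deleted by this script; the self-signed certificate stays in place.
Get-ExchangeCertificate |
    Format-Table Thumbprint, Subject, IsSelfSigned, Services, NotAfter -AutoSize

# 2. The new certificate must list both names (exact match; a wildcard
#    certificate would need a different comparison).
$new     = Get-ExchangeCertificate -Thumbprint $Thumbprint
$names   = @($new.CertificateDomains | ForEach-Object { "$_".ToLower() })
$missing = @($RequiredNames | Where-Object { $names -notcontains $_.ToLower() })
if ($missing.Count -gt 0) {
    throw "Certificate is missing required names: $($missing -join ', ')"
}
if ($new.NotAfter -lt (Get-Date)) { throw 'Certificate has expired.' }

# 3. Build the chain from the server's own stores. A failure here usually means
#    an intermediate or root CA certificate is not installed on the server.
#    Clients still need to trust the root themselves; this only checks the server side.
$storeCert = Get-Item "Cert:\LocalMachine\My\$Thumbprint"
$chain     = New-Object System.Security.Cryptography.X509Certificates.X509Chain
if (-not $chain.Build($storeCert)) {
    $chain.ChainStatus | Format-Table Status, StatusInformation -AutoSize
    throw 'Certificate chain does not validate on this server.'
}

# 4. Bind the third-party certificate to IIS (client/server communication).
Enable-ExchangeCertificate -Thumbprint $Thumbprint -Services IIS

# 5. Point internal Autodiscover at a name that is present in the certificate.
Set-ClientAccessServer -Identity $env:COMPUTERNAME `
    -AutoDiscoverServiceInternalUri $AutodiscoverUri

# 6. Confirm the result.
Get-ExchangeCertificate -Thumbprint $Thumbprint | Format-List Subject, Services, Status
Get-ClientAccessServer -Identity $env:COMPUTERNAME |
    Format-List Name, AutoDiscoverServiceInternalUri
```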