I'm outside my comfort zone here with certificates. It is not something I have had to deal with very often. So I may be asking some very basic questions confuddled by my lack of knowledge.
In Exchange server config there are several certs listed. Some are self-signed TRUE and a couple FALSE. That is confusing as we never purchased anything. They should all be self-signed. I tried to renew one of the certs but it kept asking for the REQ file. I did not have one. The instructions I found on TECHNET did not indicate how to generate this file.
I created a new cert, then assigned all the services to it. Outlook is still having issues. Some iPhones seem to be having issues.
So what I would like to do is start clean if possible. Can I shut down Exchange for a short time, remove all certs and create new self-signed certs for internal and external connections? 3rd party for external will be expensive for us. I have been told we need a wildcard, UCC cert; this will be 565 a year if we purchase it for 3 years. That is more than the business owner wants to spend right now. I would prefer getting a 3rd party cert but we have been using the original self-signed ones since Exchange was configured.
So I need help to make sure Exchange is configured properly, and that the certs work for mobile devices and for internal Exchange. Should we change the external DNS to something else and configure the phones differently? I'm willing to make those changes if it will solve the bulk of our issues.
I understand this is probably a lot of work, but I need to get this all set up correctly so I can figure out if there are other issues happening as well.