Certificates in Exchange

Hi

I'm moving to a new trusted certificate (GeoTrust) in Exchange. The current one is self-signed. I have imported the new certificate; my question is, will any disruptions happen for users (mostly Outlook clients on Win7) when I assign services to the new cert?

My guess is no, but I just want to make sure as I have many users and I don't want to cause chaos.

Thanks 

June 2nd, 2015 8:19pm

If the certificate's root is trusted by the clients, and if its intermediate certificates are trusted or properly installed on the Exchange server, clients should not notice any change.
June 2nd, 2015 8:47pm

I have installed the intermediate certificates via the certificate MMC on the Exchange server, and clients seem to have a GeoTrust Global CA in trusted root CAs.

So hopefully it's all smooth sailing.

Thanks for your help!

June 2nd, 2015 9:01pm

You're welcome, happy to have helped.  You're welcome to mark my post as helpful and/or the answer as appropriate.

June 2nd, 2015 10:12pm

I tried to assign services to the new certificate and ran into a few issues. I forgot to mention that the certificate is a wildcard certificate. I now know there will be some problems with wildcard certificates and Exchange.

I know about the issues with IMAP and POP: https://technet.microsoft.com/en-us/library/aa997231.aspx

Our environment:

1 Exchange 2010 server

Outlook 2010 clients

Various smartphones/devices connecting via HTTPS 443

Outlook Anywhere = disabled

Can a wildcard certificate work, or should I go for a certificate with SANs?

Googlelization of this does not seem to bring forth clear help.

Thanks again

June 3rd, 2015 8:46pm

Hi Nitsuj,

Yes, a wildcard certificate can be used with Exchange 2010.

I recommend you refer to the following article to understand wildcard certificates:

Exchange 2010 FAQ: Are Wildcard SSL Certificates Supported

Best regards,

June 4th, 2015 4:53am

A wildcard certificate is fine, but you'll want to configure it for Outlook Anywhere.

Set-OutlookProvider -Identity EXPR -CertPrincipalName msstd:*.company.com

Also, a wildcard certificate isn't appropriate for IMAP and POP.

June 4th, 2015 3:36pm

Hi Ed,

We are not using Outlook Anywhere; it is disabled. Would I still need to configure the certificate?

If a wildcard certificate is not appropriate for IMAP and POP, why does the article below state this? I know it's written for Exchange 2013. Does 2010 differ from 2013 in this respect?

https://technet.microsoft.com/en-us/library/aa997231.aspx

"Don't use the Enable-ExchangeCertificate cmdlet to enable a wildcard certificate for POP and IMAP services. To enable a wildcard certificate, you must use the Set-ImapSettings or Set-PopSettings cmdlets with the fully qualified domain name (FQDN) of the service."

Thanks again



June 4th, 2015 5:08pm
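The procedure the quoted TechNet passage describes, written out for the Exchange Management Shell as an added example (not posted by anyone in this thread and not Microsoft's own script). The wildcard subject `*.company.com` is taken from the command earlier in the thread; the service FQDN `mail.company.com` is a hypothetical placeholder.

```powershell
# Assumptions (not from the thread): clients reach IMAP/POP at mail.company.com,
# and exactly one CA-issued certificate with subject CN=*.company.com is installed.
$wildcard = '*.company.com'
$fqdn     = 'mail.company.com'   # hypothetical service FQDN

# Locate the new certificate. Escape the subject so '*' and '.' are matched literally,
# and skip the old self-signed certificate and anything expired or untrusted.
$found = @(Get-ExchangeCertificate | Where-Object {
    $_.Subject -match [regex]::Escape("CN=$wildcard") -and
    -not $_.IsSelfSigned -and
    $_.Status -eq 'Valid'
})
if ($found.Count -ne 1) {
    throw "Expected exactly one valid certificate for $wildcard, found $($found.Count)."
}
$cert = $found[0]

# IIS (OWA, ActiveSync, EWS) and SMTP take the wildcard through Enable-ExchangeCertificate.
# The cmdlet prompts before replacing the current default SMTP certificate.
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services 'IIS,SMTP'

# IMAP and POP are not enabled with Enable-ExchangeCertificate for a wildcard.
# They are bound by name: the FQDN clients connect to, which the wildcard must cover.
Set-ImapSettings -X509CertificateName $fqdn
Set-PopSettings  -X509CertificateName $fqdn

# The name change takes effect on service restart. Only restart services that are
# already running, so an unused IMAP/POP service is not started by accident.
Get-Service MSExchangeIMAP4, MSExchangePOP3 |
    Where-Object { $_.Status -eq 'Running' } |
    Restart-Service

# Confirm what is now bound where, and when the certificate expires.
Get-ExchangeCertificate -Thumbprint $cert.Thumbprint |
    Format-List Subject, Services, NotAfter, Status
Get-ImapSettings | Format-List X509CertificateName
Get-PopSettings  | Format-List X509CertificateName
```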

I stand corrected.

June 4th, 2015 9:41pm

This topic is archived. No further replies will be accepted.
