Certificate-questions?

Hi there,

I don't fully understand how certificates when deploying CAS and MBX on separate servers. Here are my questions:

  1. I have multiple Certificates that overlap in the assignes services. How ca that be?
    CAS:
        - MYCERT: valid, IMAP, POP, IIS, SMTP
        - Microsoft Exchange Server Auth Certificate: valid, SMTP
        - Microsoft Exchange: valid, IIS, SMTP
        - WMSVC: valid, None
    MBX:
        - Microsoft Exchange Server Auth Certificate: valid, SMTP
        - Microsoft Exchange: valid, IMAP, POP, IIS, SMTP
        - WMSVC: valid, None
  2. How do I know what certificate is really being used for what service?
  3. Get-ExchangeCertificate returns only the certificates from MBX, not CAS?
  4. What if I want to add an additional certificate in a multi-tenant-installation?

I have some clues, but I like to get some answers from you to get it right.

Thanks

sr

July 2nd, 2013 3:51pm

If you are not using Domain Security with TLS, POP or IMAP, actually you only care about certificate assigned to IIS service. You can check which certificate is assigned to Exchange web site in IIS console. 

You can also use certificates with multiple names (SAN).

Free Windows Admin Tool Kit Click here and download it now
July 2nd, 2013 6:17pm
Hi damird, thanks for your answer! And if I care about POP and IMAP? I mean, why do I need those two "Exchange " certificates when I ticked all those services in MYCERT?
July 3rd, 2013 2:40am
Exchange allows you to have more than one certificate for some services. One that was assigned last will be preferred in communication.
Free Windows Admin Tool Kit Click here and download it now
July 3rd, 2013 3:58am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics