Hello By default the self signed SSL Certificate is installed. I bought a public cert from godaddy. Is it OK to remove the old certificate? I think to. Do I have to assign all services (self signed holds IMAP, POP, SMTP) to the new certificate?I've no plan to use these with a certificate, just need ssl for the OWA. Thanks for your help Norbert

Hi Norbert, It would be better to assign SAN certificate for all features (services) of Exchange since self-signed is not secure as third party. Self-signed certificate you need to renew every year whenever it expires. Once you install/enable SAN certificate then you can run below command to remove old self-signed certificate. Remove-ExchangeCertificate -Thumbprint xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx References: Remove-ExchangeCertificate http://technet.microsoft.com/en-us/library/aa997569(EXCHG.80).aspx Certificate Use in Exchange Server 2007 http://technet.microsoft.com/en-us/library/bb851505(EXCHG.80).aspx How to Configure Outlook Web Access Virtual Directories to Use SSL http://technet.microsoft.com/en-us/library/bb123583(EXCHG.80).aspx

Hi Amit Well, i use a SAN Certificate from godaddy. Until now, i only assigned the IIS Service to the new certificate. Because the internal has the services I was asking, if it is ok to remove the old (self signed) without assign the services to an other ssl certificate. IMAP and POP are not used. I'm not shure if SMTPneed the cert... ThanksNorbert

Yes Norbert, CAS doesnt communicate on SMTP service so you can skip certificate assignment on it. IMAP & POP3 are not in use then you can leave self-signed certificate on it or can assign new certificate but if you remove all certificates then I have doubt that it gives warning/error in event log. For usage of certificate in CAS like Autodiscover & Client Access Application, you can refer below article for detail and procedure. Certificate Use in Exchange Server 2007 http://technet.microsoft.com/en-us/library/bb851505(EXCHG.80).aspx

Hello Amit If I leave the self signed certificate for SMTP, IMAP and POP there will be a "problem" (warnings in the event log)in 1 year - or I've to renew the self signed certificate... Will it be OK to assign a bought thawte Wildcard certificate for all services? Thanks Norbert

Hi Norbert, You will get warnings in event log when it is going to expire. SAN is better compare to wildcard certificate, check below blog entry from Jim... http://mostlyexchange.blogspot.com/2008/09/exchange-server-2007-and-wild-card.html

Hello Ok, thanks for the input.I found a wildcard cert which can also include Alternative Names. The Issue should not come with WM 5 and OAnyhwere. Hopefully ;-) Norbert