Exchange 2010 and certificate requirement

techseek

MIS
Nov 5, 2010
97
US
Hello
I thought I posted yesterday but I guess it didn't go through.
I am tasked with transitioning Exch03 to 2010. Small 30 user LAN which does not operate with high security.
I've never dealt with SSL. I read while doing my prep for this transition that Exch2010 installs a self-signed cert (which I am guessing most installs later replace with a purchased cert).
Is it possible to operate (IMAP, Outlook web access, regular mail) without the certificate(s)?
And if not, can someone point me to a doc that explains more about how to configure them etc.?
Thank you
 
Why on earth would you not want SSL? SSL is used extensively in 2010. You need SSL for mobile devices, TLS, etc. You'll need a UC cert with SANs of your autodiscover address, OWA address, MX address (often the same as the OWA address), and any other addresses you configure.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 
Hello
Well, we've operated with no problems. However, if that's the way to go - I'm all for it as long as I can get good info on how to configure all that needs to be configured.
This is all on me so I need detailed steps.
For example, some of those terms are not familiar to me just yet
UC?
SAN?
and I've never dealt with an autodiscover address in Exch03 - maybe it gets configured automatically - remember our environment is nothing fancy
Thanks
 
Autodiscover is a component of Exchange 2007 and 2010 that must be configured manually. And the URI that is in the autodiscover external URL needs to appear in your UC (Unified Communications) certificate as a SAN (Subject Alternative Name). So, at the very least, you'll end up with a cert that looks something like:

CN=mail.domain.com
SAN=mail.domain.com, autodiscover.domain.com

If you're not using split-brain DNS, then you'll have internal URLs that need to be added as well.

Certificate use in 2010 is considerably different than 2003. Entire book chapters have been written on what's going on under the hood (I spent ~40 pages covering it in a 2007 book). You'd be best prepared with reading about that so that when you order your cert, you're able to provide all info the first time.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
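
The SAN requirement described in the reply above, as an added example that is not part of the original thread: an Exchange Management Shell check that lists every host name clients are pointed at and reports which ones the certificate bound to IIS does not cover. It assumes a single Exchange 2010 server holding the Client Access role, and that external Outlook clients look up `autodiscover.<accepted domain>`; `Test-Covered` is a helper name made up for this example.

```powershell
# Added example: run in the Exchange Management Shell (read-only, changes nothing).

# 1. URLs that Exchange hands out to Outlook, OWA and mobile clients.
$urls  = @(Get-ClientAccessServer | ForEach-Object { $_.AutoDiscoverServiceInternalUri })
$urls += Get-OwaVirtualDirectory         | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }
$urls += Get-WebServicesVirtualDirectory | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }
$urls += Get-ActiveSyncVirtualDirectory  | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }
$urls += Get-OabVirtualDirectory         | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }

# 2. Reduce them to host names; unset URLs come back empty and are skipped.
$needed  = @($urls | Where-Object { $_ } | ForEach-Object { ([uri]"$_").Host.ToLower() })
# Assumption: external clients try autodiscover.<SMTP domain> for each accepted domain.
$needed += Get-AcceptedDomain | ForEach-Object { "autodiscover.$($_.DomainName)".ToLower() }
$needed  = @($needed | Sort-Object -Unique)

# 3. Names (CN and SANs) on the certificate currently enabled for IIS.
$cert = Get-ExchangeCertificate |
        Where-Object { "$($_.Services)" -match 'IIS' } |
        Select-Object -First 1
$sans = @($cert.CertificateDomains | ForEach-Object { "$_".ToLower() })

# Hypothetical helper: exact match, or a wildcard replacing one left-most label.
function Test-Covered([string]$name, [string[]]$sans) {
    foreach ($san in $sans) {
        if ($san -eq $name) { return $true }
        if ($san.StartsWith('*.') -and $name.IndexOf('.') -gt 0 -and
            $name.Substring($name.IndexOf('.')) -eq $san.Substring(1)) { return $true }
    }
    return $false
}

# 4. Report what the certificate order still has to include.
$missing = @($needed | Where-Object { -not (Test-Covered $_ $sans) })
"Names clients will use   : $($needed -join ', ')"
"Names on the IIS cert    : $($sans -join ', ')"
"Not covered (add as SAN) : $($missing -join ', ')"
```

Against the freshly installed self-signed certificate, nearly every name will show up as not covered; the "names clients will use" line is the list to supply when ordering the UC certificate.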
 
Yes, well I think my brain is going to split
but thanks for clarifying some of this
I'm off to do some reading
 