Private CA versus public CA in Exchange certificate (SMTP, IIS)

  • Question

  • Hi all 

    Is there a problem with using a SAN certificate generated from a private CA in Exchange 2010 rather than buying a certificate from a public CA?

    I know that it will not be trusted for users that are not joined to the domain, but I can send the root certificate to those users to install it in the trusted root certificates on their PC.

    Sunday, July 21, 2019 8:59 AM

Answers

  • Hi all 

    Is there a problem with using a SAN certificate generated from a private CA in Exchange 2010 rather than buying a certificate from a public CA?

    I know that it will not be trusted for users that are not joined to the domain, but I can send the root certificate to those users to install it in the trusted root certificates on their PC.

    Outlook Anywhere requires a 3rd party cert. Also, it's a management headache to manage a cert from your own PKI. I would highly recommend using a 3rd party cert for all Exchange requirements.
    • Marked as answer by om zeyad Monday, July 22, 2019 7:57 AM
    Sunday, July 21, 2019 1:46 PM
    Moderator
  • Hi,

    For the certificate issued by an internal CA, it increases complexity to deploy and maintain the PKI. The certificate isn't automatically trusted by client computers and mobile devices. The certificate needs to be manually added to the trusted root certificate store on all client computers and devices, but not all mobile devices allow changes to the trusted root certificate store.

    Regards,

    Kelvin Deng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com


    • Marked as answer by om zeyad Monday, July 22, 2019 7:57 AM
    Monday, July 22, 2019 6:34 AM
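
A check for the trust problem described in the answers above, as an added example that is not part of the original thread: run on a client, it reports whether an exported Exchange certificate chains to a root that this machine trusts and whether its SAN list covers the names clients use. The function name, file path and host names are assumptions for illustration.

```powershell
# Added example, not from the thread. Run on a client that must trust the cert.
function Test-ExchangeCertTrust {
    param(
        [Parameter(Mandatory)] [string] $CertPath,   # exported server cert (.cer)
        [string[]] $ExpectedNames = @()              # names clients connect to (assumed)
    )
    $x509  = 'System.Security.Cryptography.X509Certificates'
    $cert  = New-Object "$x509.X509Certificate2" -ArgumentList (Resolve-Path $CertPath).Path
    $chain = New-Object "$x509.X509Chain"
    # Revocation is skipped so the check runs offline; turn it on for a real audit.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'

    $trusted = $chain.Build($cert)   # $false when the issuing root is not trusted here
    $top     = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

    # Is the top of the chain a self-signed root, and is it in a trusted root store?
    $isRoot  = $top.Subject -eq $top.Issuer
    $inStore = (Test-Path "Cert:\LocalMachine\Root\$($top.Thumbprint)") -or
               (Test-Path "Cert:\CurrentUser\Root\$($top.Thumbprint)")

    # SAN entries; exact match only, wildcard entries are not expanded.
    $san     = @($cert.DnsNameList | ForEach-Object { $_.Unicode })
    $missing = @($ExpectedNames | Where-Object { $_ -notin $san })

    [pscustomobject]@{
        Subject         = $cert.Subject
        ChainTrusted    = $trusted
        ChainStatus     = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        TopOfChain      = $top.Subject
        TopIsRootCA     = $isRoot
        RootInStore     = $inStore
        NotAfter        = $cert.NotAfter
        SanNames        = $san -join ', '
        MissingSanNames = $missing -join ', '
    }
}

# Placeholder path and host names; substitute your own.
Test-ExchangeCertTrust -CertPath .\exchange.cer `
    -ExpectedNames 'mail.example.com', 'autodiscover.example.com'
```

On a machine without the private root installed, `ChainTrusted` is `False` and `ChainStatus` typically shows `UntrustedRoot` or `PartialChain`.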

All replies

  • I just wanted to be sure that there is no security issue until we buy a certificate 
    Monday, July 22, 2019 7:58 AM