locked
need few basic idea about certificate RRS feed

  • Question

  • Hi,

    Just wan to know what are the different certificate available on exchange 2010 to run smoothly .

    And if not install what impact will come .




    • Edited by satya11 Tuesday, October 23, 2012 10:55 AM
    Tuesday, October 23, 2012 10:53 AM

Answers

  • Hi,

    Certificates are mandatory in Exchange 2010 Client Access servers.

    By default, when you install Exchange 2010, client communications are encrypted using SSL when you use OWA, ActiveSync, and Outlook Anywhere. By default, POP3 and IMAP4 aren't configured to communicate over SSL.

    SSL requires that you use digital certificates. When you install Exchange 2010, a self-signed certificate is automatically configured. Exchange ActiveSync and Outlook Web App can establish an SSL connection by using a self-signed certificate. Outlook Anywhere won't work with a self-signed certificate.

    Next option is use a certificate generated by Internal CA. This can be used to secure all client access services except some of the Active Sync devices. 

    Third-party certificate are expensive. But that is the optimal solution to use.


    Regards from ExchangeOnline | Windows Administrator's forums

    • Marked as answer by satya11 Wednesday, October 24, 2012 9:11 PM
    Tuesday, October 23, 2012 11:21 AM
  • Hi,
    There is a lot of good information about the subject in the below Technet Article.

    Understanding Digital Certificates and SS
    http://technet.microsoft.com/en-us/library/dd351044.aspx


    A Third-Party certificate with the names you need (for example mail.domain.com,autodiscover.com) doesn't have to be expensive at all. You can get one for 70-90$/year and is worth every penny.


    Martina Miskovic

    Tuesday, October 23, 2012 1:43 PM

All replies

  • Hi,

    Certificates are mandatory in Exchange 2010 Client Access servers.

    By default, when you install Exchange 2010, client communications are encrypted using SSL when you use OWA, ActiveSync, and Outlook Anywhere. By default, POP3 and IMAP4 aren't configured to communicate over SSL.

    SSL requires that you use digital certificates. When you install Exchange 2010, a self-signed certificate is automatically configured. Exchange ActiveSync and Outlook Web App can establish an SSL connection by using a self-signed certificate. Outlook Anywhere won't work with a self-signed certificate.

    Next option is use a certificate generated by Internal CA. This can be used to secure all client access services except some of the Active Sync devices. 

    Third-party certificate are expensive. But that is the optimal solution to use.


    Regards from ExchangeOnline | Windows Administrator's forums

    • Marked as answer by satya11 Wednesday, October 24, 2012 9:11 PM
    Tuesday, October 23, 2012 11:21 AM
  • Hi,
    There is a lot of good information about the subject in the below Technet Article.

    Understanding Digital Certificates and SS
    http://technet.microsoft.com/en-us/library/dd351044.aspx


    A Third-Party certificate with the names you need (for example mail.domain.com,autodiscover.com) doesn't have to be expensive at all. You can get one for 70-90$/year and is worth every penny.


    Martina Miskovic

    Tuesday, October 23, 2012 1:43 PM