Best Practice For Assigning Exchange Services to Certificates

Good Morning Everybody,

I am in the process of doing an Exchange 2010 > 2013 migration and had a question about assigning Exchange services to server certificates.  In the current setup, all services are assigned to the third party (Entrust) certificate.  Is this best practice?  I have seen some posts where people state to keep the SMTP service assigned to a self-signed cert.  Just curious what the best practice is.  Any guidance would be greatly appreciated.

--Scott

May 6th, 2015 11:43am

It depends.  If you have a wildcard certificate, you can't assign it to POP and IMAP.  If you use the same name for all services, then naturally you'd assign the certificate to all services.

SMTP is different in that it can be assigned to more than one certificate.  It's fine to assign it to the Entrust certificate for use with Internet TLS, but you will also want it assigned to the self-signed certificate for communication between Exchange servers.

May 6th, 2015 11:48am
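
The guidance in the reply above can be checked against a server's current bindings. The following is an added example, not part of the original thread: the function name `Test-ExchangeCertAssignment` is hypothetical, the sample certificates and thumbprints are constructed placeholders, and the input is assumed to have the `Thumbprint`, `Subject`, `Services` and `IsSelfSigned` properties that `Get-ExchangeCertificate` returns.

```powershell
# Added example: audits certificate-to-service bindings against the reply above.
# Test-ExchangeCertAssignment is a hypothetical helper, not an Exchange cmdlet.
function Test-ExchangeCertAssignment {
    param([Parameter(Mandatory)] [object[]] $Certificate)

    $findings = @()
    foreach ($c in $Certificate) {
        # The Services flags value renders as text such as "IMAP, POP, IIS, SMTP".
        $services   = "$($c.Services)"
        $isWildcard = $c.Subject -match 'CN=\*\.'

        # The reply states a wildcard certificate can't be assigned to POP and IMAP.
        if ($isWildcard -and $services -match '\b(POP|IMAP)\b') {
            $findings += "REVIEW  $($c.Thumbprint): wildcard certificate bound to POP/IMAP"
        }
    }

    # SMTP can be bound to more than one certificate: the third-party one for
    # Internet TLS and the self-signed one for traffic between Exchange servers.
    $smtp = @($Certificate | Where-Object { "$($_.Services)" -match '\bSMTP\b' })
    if (-not ($smtp | Where-Object { -not $_.IsSelfSigned })) {
        $findings += 'REVIEW  no third-party certificate bound to SMTP (Internet TLS)'
    }
    if (-not ($smtp | Where-Object { $_.IsSelfSigned })) {
        $findings += 'REVIEW  no self-signed certificate bound to SMTP (server-to-server)'
    }

    if (-not $findings) { $findings += 'OK      bindings match the guidance in the reply' }
    $findings
}

# Constructed sample input; subjects and thumbprints are placeholders.
$sample = @(
    [pscustomobject]@{ Thumbprint = 'PLACEHOLDER-THUMBPRINT-1'; Subject = 'CN=*.example.com'
                       Services = 'IMAP, POP, IIS, SMTP'; IsSelfSigned = $false }
    [pscustomobject]@{ Thumbprint = 'PLACEHOLDER-THUMBPRINT-2'; Subject = 'CN=EX01'
                       Services = 'None'; IsSelfSigned = $true }
)
Test-ExchangeCertAssignment -Certificate $sample

# In the Exchange Management Shell, run the same check on live data:
#   Test-ExchangeCertAssignment -Certificate (Get-ExchangeCertificate)
# and bind SMTP to a further certificate (thumbprint is a placeholder):
#   Enable-ExchangeCertificate -Thumbprint <thumbprint> -Services SMTP
```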

Thank you very much for the quick response.  It is very much appreciated.  Have a great day.
May 6th, 2015 11:51am

You're welcome, happy to have helped.
May 6th, 2015 11:59am

Hello,

For more reference about Exchange 2013 certificates, please see:

https://technet.microsoft.com/en-us/library/dd351044(v=exchg.150).aspx

Thanks,

Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

May 27th, 2015 10:02pm

This topic is archived. No further replies will be accepted.
