Hybrid Certificate

Hello!

I have some questions about certificates in Hybrid Deployment between Exchange Server 2013 and Office 365.

My customer has an Exchange Server 2013 with a public certificate imported:

With the following SANs configured:

DNS Name=webmail.DOMAIN.COM.BR
DNS Name=autodiscover.DOMAIN.COM.BR

My question is:

1 - Do I need to import one more public certificate to configure the hybrid deployment, or can I configure it this way?

Thanks!

July 1st, 2015 4:59pm

Hi Julio,

Thank you for your question.

When configuring a hybrid deployment, many services make use of certificates, for example: Active Directory Federation Services (AD FS), Exchange federation, Exchange services, existing Exchange servers, so we must use and configure certificates that we have purchased from a trusted third-party CA. The certificate used for hybrid secure mail transport must be installed on all on-premises Exchange 2013 Mailbox and Client Access servers.

We will deploy more than one certificate in a hybrid environment. We recommend that you use a dedicated third-party certificate for any optional AD FS server, another certificate for the Exchange services for your hybrid deployment, and if needed, another certificate on your Exchange servers for other needed services or features. The on-premises federated trust configured as part of federated sharing in a hybrid deployment uses a self-signed certificate by default. Unless you have specific requirements, there's no need to use a third-party certificate with the federation trust configured as part of a hybrid deployment.

We could refer to the following link:

https://technet.microsoft.com/en-us/library/hh563848(v=exchg.150).aspx

If there are any questions regarding this issue, please be free to let me know.

Best Regards,

Jim

July 1st, 2015 9:53pm

Hi, Jim Xu.

Thanks for your answer!

In my hybrid deployment, I'll configure only an AADSync server. If I import another third-party certificate and configure it to use SMTP and IIS (necessary for hybrid), I would need to replace the current certificate, correct? In my case, I will need to use the current certificate. Is my thinking correct?

Sorry for my English, I'm Brazilian.

July 2nd, 2015 1:15am

Hi Julio,

By my understanding, we do not need to configure IIS or SMTP with the new certificate, just use the current certificate.

We could refer to the following link to install AADsync.

https://msdn.microsoft.com/en-us/library/azure/dn757602.aspx

If there are any questions regarding this issue, please be free to let me know.

Best Regards,

Jim

July 2nd, 2015 3:22am

Why not ask your certificate provider to modify the existing cert (after submitting the correct request) to add the URLs (like sts.domain.com.br) that you need for a hybrid deployment?

If you get the cert from Digicert, they allow you to install the same cert on any number of servers without any additional cost.

Check this article series for more info: http://www.msexchange.org/articles-tutorials/office-365/exchange-online/configuring-exchange-2013-hybrid-deployment-migrating-office-365-exchange-online-part4.html

July 2nd, 2015 3:59am
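Before deciding whether the existing certificate can be reused or needs to be reissued with extra names, it helps to audit what is actually bound to IIS and SMTP on every Mailbox and Client Access server. The following Exchange Management Shell script is an added example, not code from this thread or from Microsoft; the DOMAIN.COM.BR placeholder and the list of required host names are assumptions taken from the question and should be extended with whatever names your own hybrid configuration requires.

```powershell
# Added example: report, per on-premises Exchange server, which third-party certificate is
# bound to IIS/SMTP, whether it expires soon, and which required host names its SANs lack.
# Run in the Exchange Management Shell on an Exchange 2013 server.
$Domain = 'DOMAIN.COM.BR'   # placeholder from the thread; replace with your real domain
$RequiredNames = @(
    "webmail.$Domain",        # assumed external URL for OWA/EWS/ActiveSync
    "autodiscover.$Domain"    # Autodiscover name the Hybrid Configuration Wizard relies on
    # add further names here (for example a dedicated hybrid mail-flow host name) as needed
)

# Jim's answer: the hybrid mail-transport certificate must be on all Mailbox and CAS servers.
$Servers = Get-ExchangeServer | Where-Object { $_.ServerRole -match 'Mailbox|ClientAccess' }

foreach ($Server in $Servers) {
    # Only certificates assigned to IIS or SMTP matter for Autodiscover/EWS and secure mail flow;
    # self-signed certificates are skipped because Office 365 will not trust them.
    $Certs = Get-ExchangeCertificate -Server $Server.Name |
        Where-Object { ($_.Services -match 'IIS|SMTP') -and (-not $_.IsSelfSigned) }

    if (-not $Certs) {
        Write-Warning "$($Server.Name): no third-party certificate is bound to IIS or SMTP."
        continue
    }

    foreach ($Cert in $Certs) {
        # CertificateDomains holds the subject and SAN names; compare case-insensitively
        $Domains = $Cert.CertificateDomains | ForEach-Object { "$_".ToLower() }
        $Missing = $RequiredNames | Where-Object { $Domains -notcontains $_.ToLower() }

        [pscustomobject]@{
            Server      = $Server.Name
            Thumbprint  = $Cert.Thumbprint
            Services    = "$($Cert.Services)"
            NotAfter    = $Cert.NotAfter
            ExpiresSoon = ($Cert.NotAfter -lt (Get-Date).AddDays(30))
            MissingSANs = ($Missing -join ', ')
        }
    }
}
```

A non-empty MissingSANs column on any server is the case the last reply addresses: have the provider reissue the certificate with the missing names (and the same thumbprint will no longer apply, so rebind the new certificate on every server afterwards).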
