SSL Certificate

Dear all,

on our Exchange 2013 have the self signed Certificate that exchange Generate the first time we install it.

lately we applied a new SSL and its implemented .

Can i delete the self signed certificates or just leave them there ? or just unassign their services ?

thank you


  • Edited by Julien.AG Friday, March 13, 2015 10:04 PM
March 13th, 2015 10:02pm

Thank you so much all for your answer.

i am having one issue. everytime i open outlook its pops up with the self sign certificate "ex.domain.lan"

i add the certificate to the trusted host,

once outlook is restarted the same security alert pops up 

Ex.domain.lan

Information you exchange with this site cannot be viewed or c hanged by others, however, there is a problem with the site's security certificate 

X tge name on the security Certificate is invalid or does not match the name of the site

as i understand from the message, the SSL is using the DNS name of the exchange webmail.domain.com

but the already configured Outlook is using the Ex.domain.com

i've changed the exchange Proxy to the name assigned on the external Certificate but no fix 

any suggestions how can i fix this thank yu


  • Edited by Julien.AG Monday, March 16, 2015 3:57 PM
Free Windows Admin Tool Kit Click here and download it now
March 16th, 2015 3:54pm

For Outlook Anywhere  run:

Set-OutlookAnywhere -Server <ServerName> -InternalHostname mail.domain.com
(Note, you will probably have to add -InternalAuthenticationMethod and -InternalClientsRequireSSL switches, I didnt include them b\c I don't know what theyre set for in your environment

For Autodiscover: 

Set-ClientAccessServer -Identity <ServerName> -AutodiscoverServiceInternalUri https://mail.domain.com/Autodiscover/Autodiscover.xml

I would do this off hours, so you do not interrupt users during the day being that they are already connected.

You may want to take a look at your OWA, ECP, and EAS virtual directories and mke sure they point to mail.domain.com and not ex.domain.lan otherwise they will get cert errors as

March 17th, 2015 5:21am

then it's 

Set-OutlookAnywhere -Identity "EX\RPC (Default Web Site)" -InternalHostName mail.domain.com -InternalAuthenticationMethod <Whatever your environment uses here> -InternalClientsRequireSSL <$true or $false (whatever you're environment is setup for>

Free Windows Admin Tool Kit Click here and download it now
March 17th, 2015 10:09am

then it's 

Set-OutlookAnywhere -Identity "EX\RPC (Default Web Site)" -InternalHostName mail.domain.com -InternalAuthenticationMethod <Whatever your environment uses here> -InternalClientsRequireSSL <$true or $false (whatever you're environment is setup f

March 17th, 2015 10:18am

Are external users getting cert prompts as well? You can also do the Outlook Anywhere address in the EAC under servers.
Free Windows Admin Tool Kit Click here and download it now
March 17th, 2015 10:43am

Are external users getting cert prompts as well? You can also do the Outlook Anywhere address in the EAC unde
March 17th, 2015 12:48pm

EAC = Exchange Admin Center.  You can make the changes there or via the shell.  but not via IIS.
Free Windows Admin Tool Kit Click here and download it now
March 17th, 2015 1:27pm

Probably more on the Outlook Side of things, it doesn't query autodiscover all the time, it does it on a specific interval (i forget what it is offhand). When you create a new profile that has to go through autodiscover and get the new settings.  So that's probably why
March 19th, 2015 11:51am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics