Ian Moran
Aug 10, 2017
Solved

Certificate Requirements for a Hybrid Deployment

The article at https://technet.microsoft.com/en-us/library/hh563848(v=exchg.150).aspx states:

"When configuring a hybrid deployment, you must use and configure certificates that you have purchased from a trusted third-party CA. The certificate used for hybrid secure mail transport must be installed on all on-premises Mailbox (Exchange 2016 and newer), and Mailbox and Client Access (Exchange 2013 and older) servers"


Does this imply that in a 2007/2013 deployment the certificate must be installed on the 2013 CAS server AND all 2007 Mailbox & Client Access Servers?

Output from the EDA only documents installation on the internet facing 2013 CAS server.


  • Hey Ian,

    For the purpose of the wizard, only the endpoint/connection point that you are making with O365 is required/needed.

    But you should have the same cert going on all your servers in an ideal world.

    Adam

5 Replies

  • Hi Ian,

    It is always a best practice to have the same certificate across the entire Exchange environment.

    You can have multiple certificates, but it is best to accomplish a homogeneous environment with the same certificates to avoid problems.

    • Ian Moran
      The question was really around the servers on which this certificate should be installed. It's clear it is generated and installed on the 2013 server as it's the endpoint for all incoming connections, but the EDA makes no mention of installing the certificate on the 2007 servers, although it makes complete sense to do so.
    • Adam Ochs

      Completely agree, just re-use the same cert. That is what we do with every single one of our customers deployments, and it works like a charm!
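One way to check the advice given in this thread (the same certificate present on every on-premises server and enabled for SMTP), as an added example written for this page rather than code from the thread, Microsoft, or the wizard. It is run from the Exchange Management Shell on the 2013 side and assumes the thumbprint placeholder is replaced with the hybrid certificate's thumbprint and that each target server accepts the -Server parameter (older 2007 servers may need the check run locally instead).

```powershell
# Added example (not from the thread): report, per Exchange server, whether the
# hybrid certificate is installed and bound to the SMTP service.
# Placeholder: replace with the thumbprint of the certificate used for hybrid mail flow.
$Thumbprint = 'REPLACE_WITH_HYBRID_CERT_THUMBPRINT'

$report = foreach ($srv in Get-ExchangeServer | Sort-Object Name) {
    try {
        # -Server queries that server's store; -ErrorAction Stop turns a missing
        # thumbprint into a catchable error rather than a non-terminating one.
        $cert = Get-ExchangeCertificate -Server $srv.Name -Thumbprint $Thumbprint -ErrorAction Stop
        [pscustomobject]@{
            Server    = $srv.Name
            Role      = $srv.ServerRole
            Installed = $true
            # Services is a flags value such as "IMAP, POP, IIS, SMTP"
            SmtpBound = ($cert.Services.ToString() -match 'SMTP')
            Expires   = $cert.NotAfter
        }
    } catch {
        [pscustomobject]@{
            Server    = $srv.Name
            Role      = $srv.ServerRole
            Installed = $false
            SmtpBound = $false
            Expires   = $null
        }
    }
}

$report | Format-Table -AutoSize

# Servers that still need the certificate imported, or enabled for SMTP
# (Enable-ExchangeCertificate -Services SMTP), before hybrid mail flow relies on them.
$report | Where-Object { -not $_.Installed -or -not $_.SmtpBound }
```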
