Forum Discussion

MarcSpessartForest's avatar
MarcSpessartForest
Copper Contributor
May 07, 2025
Solved

DAG Exchange 2016 -> 2019 Migration, Certificate Question

Hello folks!

I have a question regarding a migration from an existing Exchange 2016 2-Node DAG to an Exchange 2019 2-Node DAG (O/S Server 2022) and the Certificate for Exchange Services (mapi,ecp,oab,ews and so on....). 

The existing Exchange 2016 server both use the same RSA 2048bit certificate. I´m considering whether to issue an ECDA P-384 certificate for the new Exchange 2019 servers. This certificate would also serve as the basis for the later upgrade to Exchange SE.

Could the different certificates cause problems during the migration?

 

 

certificate
ECDSA
Exchange 2019 Migration
Exchange Server
OnPremise
  • TaeYounAnn's avatar
    TaeYounAnn
    May 08, 2025

    Hi MarcSpessartForest​ 

    It is most secure to use RSA certificates during Exchange Hybrid configuration or legacy coexistence. 
    After migration is complete, it is recommended to switch to ECDSA certificates as needed.

1 Reply

Sort By
  • TaeYounAnn's avatar
    TaeYounAnn
    MVP
    May 08, 2025

    Hi MarcSpessartForest​ 

    It is most secure to use RSA certificates during Exchange Hybrid configuration or legacy coexistence. 
    After migration is complete, it is recommended to switch to ECDSA certificates as needed.

Resources