cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Certificate Requirements for a Hybrid Deployment

Ian Moran
Steel Contributor

‎Aug 10 2017 02:19 PM

‎Aug 10 2017 02:19 PM

Certificate Requirements for a Hybrid Deployment

The article at https://technet.microsoft.com/en-us/library/hh563848(v=exchg.150).aspx states ..

 

"When configuring a hybrid deployment, you must use and configure certificates that you have purchased from a trusted third-party CA. The certificate used for hybrid secure mail transport must be installed on all on-premises Mailbox (Exchange 2016 and newer), and Mailbox and Client Access (Exchange 2013 and older) servers"

 

Does this imply that in a 2007/2013 deployment the certificate must be installed on the 2013 CAS server AND all 2007 Mailbox & Client Access Servers ?

 

Output from the EDA only documents installation on the internet facing 2013 CAS server.

 

3,802 Views
0 Likes
5 Replies
Reply
5 Replies
Nuno Silva

‎Aug 10 2017 03:02 PM

‎Aug 10 2017 03:02 PM

Re: Certificate Requirements for a Hybrid Deployment

Hi Ian,

 

It alway a best practice to have the same certificate across all Exchange Environment.

 

You can have multiple certificates, but is best to acomplish omogeneous environment with the same certificates to evict problems.

1 Like
Reply
Adam Ochs

‎Aug 10 2017 03:24 PM

‎Aug 10 2017 03:24 PM

Re: Certificate Requirements for a Hybrid Deployment

Completely agree, just re-use the same cert. That is what we do with every single one of our customers deployments, and it works like a charm!

0 Likes
Reply
Ian Moran

‎Aug 10 2017 03:36 PM

‎Aug 10 2017 03:36 PM

Re: Certificate Requirements for a Hybrid Deployment

The question was really around the servers on which this certificate should be installed. It's clear it is generated and installed on the 2013 server as it's the endpoint for all incoming connections but the EDA makes no mention of installing the certificate on the 2007 servers. - although it makes complete sense to do so
0 Likes
Reply
best response confirmed by Ian Moran (Steel Contributor)
Adam Ochs

‎Aug 10 2017 04:42 PM

‎Aug 10 2017 04:42 PM

Solution

Re: Certificate Requirements for a Hybrid Deployment

Hey Ian,

For the purpose of the wizard, only the endpoint/connection point that you are making with O365 is required/needed.

But you should have the same cert going on all your servers in an ideal world.

Adam
1 Like
Reply
Ian Moran

‎Aug 10 2017 09:31 PM

‎Aug 10 2017 09:31 PM

Re: Certificate Requirements for a Hybrid Deployment

Thanks for clarification Adam
0 Likes
Reply